Restore a backup

Pre-requisites

To restore a Vault Backup, ensure you:

• Have a Vault cluster deployed.
• Your Vault deployment is in active idle state.
• Have access to S3 storage where your backup is saved.
• Have configured the settings for S3 storage.
• Have access to the unseal keys and root-token used by the Vault cluster at the time of creating the backup.

Once the prerequisites are in place you can run the restore-backup action on the leader unit to restore the specified backup, providing the following parameters to the action:

• backup-id: Identifier of the backup you are attempting to restore, as saved on the S3 storage.
• unseal-keys: A list of the unseal keys of the Vault cluster at the time of the backup.
• root-token: The root token of the Vault cluster at the time of creating the backup.

juju run vault/leader restore-backup backup-id=<backup-id> unseal-key=<unseal-keys> root-token=<root-token>

List backups

You can get a list of the identifiers of all the backups that are stored on the configured S3 storage using the list-backups action:

juju run vault/leader list-backups

Restore Backups created in different environments

To restore a snapshot that wasn’t created using the Vault charm’s create-backup action, you’ll need to manually upload it to the S3 storage accessible by the Vault charm where the restore-backup action will run.

1. Configure the settings for S3 storage.
2. Connect to your S3 storage
3. Use the same bucket configured in step 1 to store the snapshot
4. Use the ID of the stored snapshot to run the restore backup action