Backup and Recovery
This document outlines the backup and recovery procedures for ProAuth, highlighting the critical components that need to be backed up and providing guidance on recovery scenarios.
Overview
ProAuth's data architecture consists of several components that must be considered in your backup strategy:
- ProAuth Main Database: Contains all system configurations and settings
- User Store Databases: Contains user identity information, potentially across multiple databases
- Encryption Keys: Used to protect sensitive information in the databases
- Auxiliary Services: Used for caching, sessions, and messaging (Redis, RabbitMQ, etc.)
Database Backup Strategy
ProAuth Main Database
The ProAuth main database contains critical configuration data including:
- Identity provider configurations
- Client registrations
- API scopes and resources
- System settings
- Permissions and roles
This database should be backed up frequently according to your organization's RPO (Recovery Point Objective) requirements.
User Store Databases
User store databases contain all user-related information:
- User profiles
- Credentials
- Claims
- Consent records
ProAuth supports multiple user store configurations:
- Each user store can have its own dedicated database
- Multiple user store instances can share a single database
All user store databases must be included in your backup schedule, ideally with the same frequency as the main ProAuth database.
Consistency Between Databases
To ensure system integrity, it's important that backups of the ProAuth main database and user store databases maintain referential consistency. When possible, use backup solutions that support transaction-consistent backups across multiple databases.
If you cannot ensure consistency between backups (for example, if they are taken at different times), ProAuth provides mechanisms to re-synchronize user store data with the main database through API calls after recovery.
Encryption Keys Backup
ProAuth encrypts sensitive information in the databases using external encryption keys through Data Protection with X509 certificates. These encryption keys are critical and must be backed up; without them, encrypted data in restored databases cannot be accessed.
Key Configuration
Encryption keys are configured in the appsettings section of the Helm chart:
```yaml
encryptionkeys:
  mode: "" ## empty to disable, currently supported X509
  certificate: ""
  certificatepassword: ""
  keyrotationdecryptioncertificates: []
  #- certificate: ""
  #  certificatepassword: ""
  #- certificate: ""
  #  certificatepassword: ""
```
Key Rotation Support
ProAuth supports key rotation to enhance security. The current certificate is used for encryption, while previous certificates (listed under keyrotationdecryptioncertificates) are maintained for decryption of data encrypted with older keys.
Backup Recommendations for Keys
- Store certificates in a secure, backed-up location
- Consider using a certificate management solution or key vault
- Ensure certificate passwords are securely stored
- Document your key rotation schedule and procedures
- Include certificates in your disaster recovery plans
Auxiliary Services Backup
ProAuth uses additional services for:
- Pub/sub messaging
- Caching
- Session state storage
These are typically implemented using technologies like Redis, RabbitMQ, or similar services.
Data Criticality
Data loss in these auxiliary services is not critical to system integrity. If this state is lost:
- Users might need to re-login as tokens will be marked as revoked
- Session state will be lost
- Temporary caches will be rebuilt automatically
While not as critical as databases and encryption keys, it's still recommended to include these services in your backup strategy if feasible, especially if you want to minimize user disruption in recovery scenarios.
Recovery Procedures
Database Recovery
- Restore the ProAuth main database from backup
- Restore all user store databases from backup
- Verify database connectivity from the application
- If databases were restored from backups taken at different times, run the user store synchronization API to realign data
Encryption Key Recovery
- Ensure the encryption keys (certificates) are available
- Configure the Helm chart with the correct certificate paths and passwords
- Deploy or restart the application
Testing Recovery
It's recommended to regularly test recovery procedures to ensure:
- Backups are valid and can be restored
- The application can access restored databases
- Encryption keys can decrypt the data properly
- The system functions correctly after recovery
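A recovery test for the encryption keys can start by confirming that every backed-up certificate, current and rotation, still opens with its stored password and still contains its private key. The script below is an added example, not ProAuth tooling. It assumes the certificates are PKCS#12 (.pfx) files and that each `<name>.pfx` has its password in `<name>.pass` in the same directory. That layout and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not ProAuth tooling): restore test for backed-up encryption certificates.
# Assumed layout: <dir>/<name>.pfx (PKCS#12) with its password in <dir>/<name>.pass.
# In production the password would come from your vault, not a file beside the cert.

# check_cert PFX PASSFILE
#   stdout: SHA-256 fingerprint of the certificate
#   status: 0 usable, 1 wrong password or corrupt file, 2 private key missing
check_cert() {
  local pfx="$1" passfile="$2"
  # -noout only verifies the MAC: fails on a wrong password or a damaged file.
  openssl pkcs12 -in "$pfx" -passin "file:$passfile" -noout 2>/dev/null || return 1
  # A certificate-only export cannot decrypt anything. The key is piped straight
  # into `openssl pkey -noout`, so it is never written to disk or printed.
  openssl pkcs12 -in "$pfx" -passin "file:$passfile" -nocerts -nodes 2>/dev/null |
    openssl pkey -noout 2>/dev/null || return 2
  # Fingerprint to record in the key rotation history.
  openssl pkcs12 -in "$pfx" -passin "file:$passfile" -nokeys -clcerts 2>/dev/null |
    openssl x509 -noout -fingerprint -sha256 | cut -d= -f2
}

# verify_backup DIR: check every .pfx in DIR; exit status = number of unusable files.
verify_backup() {
  local dir="$1" failed=0 pfx fp rc
  for pfx in "$dir"/*.pfx; do
    [ -e "$pfx" ] || { echo "no certificates found in $dir" >&2; return 1; }
    fp=$(check_cert "$pfx" "${pfx%.pfx}.pass") && rc=0 || rc=$?
    case $rc in
      0) echo "OK        $(basename "$pfx")  $fp" ;;
      1) echo "BAD-PASS  $(basename "$pfx")"; failed=$((failed + 1)) ;;
      *) echo "NO-KEY    $(basename "$pfx")"; failed=$((failed + 1)) ;;
    esac
  done
  return "$failed"
}
```

Run `verify_backup /path/to/cert-backup` as part of each recovery drill. A non-zero exit status means at least one certificate listed in the Helm values could not be used after a restore.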
Best Practices
- Regular Backups: Schedule frequent backups of all ProAuth and user store databases
- Secure Key Storage: Store encryption certificates in secure, backed-up locations
- Consistent Backups: Use transaction-consistent backup solutions when possible
- Recovery Testing: Periodically test recovery procedures
- Documentation: Maintain documentation of database schemas, connectivity details, and key rotation history
- Monitoring: Implement monitoring to verify successful backup completion
By following these guidelines, you can ensure that your ProAuth implementation is resilient to data loss and can be recovered efficiently when needed.