Skip to main content

Backup and restore your authentik instance

This guide outlines the critical components to back up and restore in authentik.

PostgreSQL database

Backup

  • Role: Stores all persistent data (users, policies, configurations, etc.).
  • Impact of Loss: Complete data loss, requiring full restoration to recover functionality.
  • Backup Guidance:
  • Official Documentation: PostgreSQL Backup and Restore

Restore

  • Restoration Importance: Essential for full recovery; authentik will not function without it.
  • Restoration Guidance:
    • Use PostgreSQL's pg_restore or other official methods.

Redis database

Backup

  • Role: Manages temporary data:
    • User sessions (lost data = users must reauthenticate).
    • Pending tasks (e.g., queued emails, outpost syncs).
  • Impact of Loss: Service interruptions (e.g., users logged out), and potential permanent data loss (e.g., queued emails).
  • Backup Guidance:
  • Official Documentation: Redis Persistence

Restore

  • Restoration Importance: Service impact but no permanent data loss.
  • Restoration Guidance:

Static directories

These directories are mounted as volumes in containerized installations and must be restored if they were part of the backup to maintain authentik’s expected functionality.

DirectoryPurposeBackup and Restore Notes
/mediaStores application icons, flow backgrounds, and uploaded files.Only required if not using S3 external storage. External storage should be backed up using the AWS S3 Sync utility.
/certsStores TLS certificates in the filesystem.Backup if you rely on these certificates present in the filesystem. Not needed if authentik has already imported them, as certificates are stored in the database.
/custom-templatesStores custom changes to the authentik UI.Required if you modified authentik's default appearance.
/blueprintsStores blueprints.Optional but recommended if using custom blueprints.