Secryn protects backup data using application-level encryption with secure key handling. Backups capture the complete system state and are available only to administrators.
Each backup includes projects, vaults (restricted and standard), secrets with full history, keys, certificates, access keys, permissions, users, roles, RBAC configuration, system settings, and all log types (audit, request, user, MCP). Snapshots are atomic and consistent.
For every backup:
Admins can create backups on demand. Each backup is immutable, timestamped, and validated with integrity checks. Multiple backups can coexist for point-in-time recovery.
Automated backups support configurable frequency, execution time, and retention (keep last N backups or purge after N days). Retention rules run after each backup to prune older copies. Backup key material exposed during the workflow should be captured and stored through the same recovery process you use for manual backups.
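The two retention modes described above, modeled as an added example; this is not Secryn's own code. The function name, the backup names, the one-mode-at-a-time rule and the "always keep the newest backup" safeguard are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone


def select_for_pruning(backups, now, keep_last=None, max_age_days=None):
    """Return the names a retention pass would prune, newest first.

    backups: list of (name, created_at) with timezone-aware datetimes.
    Assumption: exactly one retention mode is active at a time.
    """
    if (keep_last is None) == (max_age_days is None):
        raise ValueError("set exactly one of keep_last or max_age_days")
    newest_first = sorted(backups, key=lambda b: b[1], reverse=True)

    if keep_last is not None:
        # "Keep last N": everything after the N newest copies is pruned.
        if keep_last < 1:
            raise ValueError("keep_last must be at least 1")
        return [name for name, _ in newest_first[keep_last:]]

    # "Purge after N days": copies older than the cutoff are pruned.
    if max_age_days < 1:
        raise ValueError("max_age_days must be at least 1")
    cutoff = now - timedelta(days=max_age_days)
    # Assumption: the newest backup is never pruned, so a scheduler that
    # has been failing cannot age out the last remaining restore point.
    return [name for name, made in newest_first[1:] if made < cutoff]


# Constructed sample: five daily backups taken at 02:00 UTC.
SAMPLE = [
    (f"backup-2024-06-{day:02d}",
     datetime(2024, 6, day, 2, 0, tzinfo=timezone.utc))
    for day in range(1, 6)
]
NOW = datetime(2024, 6, 10, 12, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    print("keep last 3   ->", select_for_pruning(SAMPLE, NOW, keep_last=3))
    print("purge > 7 days ->", select_for_pruning(SAMPLE, NOW, max_age_days=7))
    print("purge > 2 days ->", select_for_pruning(SAMPLE, NOW, max_age_days=2))
```

With an age-based rule, the last case shows why the safeguard matters: every sample backup is past the cutoff, yet one restore point survives.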
Restoring a backup fully replaces the current database, restoring all projects, vaults, resources, users, and configuration as captured. Restores are destructive and require the backup file plus the corresponding backup key material.
Backups in Secryn support long-term reliability and disaster recovery within Secryn's broader security model of application-level encryption, RBAC, audit logs, HTTPS in transit, and self-hosted control.