Backup & Restore

The License Server includes built-in backup and restore capabilities for both SQLite and PostgreSQL deployments. Backups capture the database, configuration, and notification settings so the server can be fully recovered from a single backup file.

Automatic Backups

Enable automatic backups through environment variables or config.yaml:

LICENSE_BACKUP_ENABLED=true
LICENSE_BACKUP_PATH=/app/backups
LICENSE_BACKUP_ENCRYPTION_KEY=your-encryption-key  # AES-256

Or in config.yaml:

backup:
  enabled: true
  path: /app/backups
  encryption_key: "your-encryption-key"

When automatic backups are enabled, the server creates periodic snapshots and stores them in the configured backup directory. Old backups are cleaned up according to the retention policy.

Manual Backup

CLI

# Create a backup
license-server backup create

# Via Docker
docker compose exec license-server /app/license-server backup create

# List available backups
license-server backup list

# Restore from a backup
license-server backup restore <backup-id>

# Validate a backup file
license-server backup validate <backup-id>

Admin UI

In the admin dashboard, navigate to the backup management section. From there you can create, download, and restore backups through the web interface.

API

The backup endpoints are available through the REST API under /api/backups. Use the admin API token for authentication:

# Create backup
curl -X POST -H "Authorization: Bearer $TOKEN" \
  https://license.example.com/api/backups

# List backups
curl -H "Authorization: Bearer $TOKEN" \
  https://license.example.com/api/backups

# Restore backup
curl -X POST -H "Authorization: Bearer $TOKEN" \
  https://license.example.com/api/backups/<backup-id>/restore

Backup Contents

Each backup includes:

Database — full copy of the SQLite database or PostgreSQL dump containing all licenses, customers, features, entitlements, users, and audit logs.
Configuration — server configuration settings.
Notification settings — email templates, webhook URLs, and alert rules.

PostgreSQL Backup

For PostgreSQL deployments, you can also use native PostgreSQL tools:

Dump

docker compose exec postgres pg_dump -U license license_server > backup.sql

Restore

docker compose exec -T postgres psql -U license license_server < backup.sql

These native backups are independent of the License Server’s built-in backup system. You can use either approach or both for defense in depth.

Best Practices

Test Restores Regularly

A backup is only useful if it can be restored. Schedule periodic restore tests against a staging environment to verify backup integrity.

Off-Site Storage

Copy backups to a location separate from the server. If the server’s storage fails, local backups are lost as well. Use cloud storage, NFS, or a separate backup server.

Enable Encryption

Always set LICENSE_BACKUP_ENCRYPTION_KEY for production deployments. Without encryption, anyone with access to the backup files can read all license data, customer information, and signing keys.

# Generate a strong encryption key
openssl rand -base64 32

Store the encryption key securely and separately from the backups themselves. Without the key, encrypted backups cannot be restored.

Monitor Backup Status

Check backup health as part of your monitoring:

# Verify the latest backup exists and is recent
license-server backup list

Integrate with your alerting system to detect missed or failed backups.

Retention Policy

Keep enough backup history to recover from data corruption that might not be noticed immediately:

Daily backups retained for at least 7 days.
Weekly backups retained for at least 30 days.
Monthly backups retained for at least 90 days.

Configure retention via the LICENSE_BACKUP_RETENTION_DAYS environment variable or the backup.retention_days config key.