Realm Disaster Recovery Strategy

[Björn Eickvonder]

Hi,

we operate a Keycloak instance with quite a number of realms whereby each realm is managed by a different team. 

How can we now restore a single realm (in case team accidentally deleted stuff or did other severe things) from a backup. We have continuous database backups but that doesn’t directly help, because we don’t want to restore everything but just a single realm.

I also came across kc export/import feature, but documentation says that servers must be shutdown for this, which is hard to do if we just want a single realm to be restored.

I thought about the following:

- Restoring database backup to a new database

- Configuring a dedicated export Keycloak instance against this database

- Not starting that instance but just doing a kc export of the realm I want to restore 

- Now I configure  that instance against the existing productive database, I do not start it but just do a kc import.

Will this work, especially the last step? Any other recommendations?

Björn

[Garth]

I don’t know if this still works, but we used to do a similar process to “eject” a realm from a Keycloak instance with multiple realms:

1. Take a full database snapshot from prod
2. Restore the snapshot locally
3. Use the Keycloak admin or API to delete the realms except the one we want
4. Take a database snapshot (with schema if you’re importing to an empty database, data-only if the Keycloak schema is already present)
5. Import the database to the target

My guess is there would probably be a step 3.5 where you need to clean some other things up so it wouldn’t clobber them in your prod database when you import.

> --
> You received this message because you are subscribed to the Google
> Groups "Keycloak User" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to keycloak-use...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/keycloak-user/155d9852-79eb-4077-a75b-e090aa8a99ean%40googlegroups.com
> <https://groups.google.com/d/msgid/keycloak-user/155d9852-79eb-4077-a75b-e090aa8a99ean%40googlegroups.com?utm_medium=email&utm_source=footer>.

[Björn Eickvonder]

That is not exactly what I want to achieve, I want keep all other realms in prod untouched, I just want to restore a single realm to a previous state.

Björn

[Garth]

Looks like I did a bad job of describing it, as you can do exactly that with this method.

> https://groups.google.com/d/msgid/keycloak-user/66578d39-3b14-4aab-86da-987f5f42a4a4n%40googlegroups.com
> <https://groups.google.com/d/msgid/keycloak-user/66578d39-3b14-4aab-86da-987f5f42a4a4n%40googlegroups.com?utm_medium=email&utm_source=footer>.

[Gilvan Filho]

Hey,
What about that approach?

1. Take a full database snapshot from prod
2. Restore the snapshot locally

3. Use kc export to export the realm you want (on local instance)
4. Use the Keycloak admin or API to delete the realm
5. Use admin console to import the previous exported and deleted realm

To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-user/9aeb4541-2fc4-4e99-bd34-318da3ce88be%40app.fastmail.com.