Backup and Restore

For Windows instructions, see Backup and Restore on Windows.

Seq creates daily backups of metadata and configuration, including API keys, users, signals and apps. Events are not backed up by this process - use the replication, JSON archive or file archive apps for redundant event storage if necessary.

🚧

Encrypted Storage

To protect sensitive information, Seq applies AES-256 encryption to backup files.

An encryption key is required when restoring backups: please ensure you follow the instructions below for initializing, or retrieving and storing, the encryption key.

Obtaining the Secret Encryption Key

Seq backups are encrypted using AES-256 with the Seq server's secret key, and cannot be restored unless the correct secret key is specified.

The best way to obtain the encryption key is to generate and save it the when the container is first initialized. The key can be generated on any machine using the following command:

docker run --rm -it datalust/seq show-key --generate

This will produce a string like 8D2RNAbAgmV7ur8nQCLT7PlCWCk+kW488nSg3Narj/4=. When the container is initialized for the very first time, with a clean storage volume, this can be placed in the SEQ_STORAGE_SECRETKEY environment variable. See The Secret Key for more information about this approach, and other key storage options.

If the container has already been initialized without a secret key being specified, the key can be retrieved interactively in the container by obtaining a shell prompt and running:

seqsvr show-key

The key is a base-64 encoded value. Save this in a secure location so that backups can be restored.

Automatic Backup

Seq will automatically back up configuration on a daily basis. The .seqbac files created are stored in the Backups/ directory under the Storage root path.

Backups can be retrieved directly from disk, or downloaded from the web UI in Settings > Backups.

Seven days of backups will be retained, after which Seq will delete the oldest backup file when new backups are created.

Configuring Backup

Backup settings can be customized in Settings > Backup > Backup Settings.

When specifying the time of day at which to back up, UTC is used.

Restoring from Backup

To restore from backup, use an Init script to run commands in the container. After placing the script in Init/ under the mounted /data volume, restart the container or pod and Seq will run the script.

The restore process depends on whether the /data volume is the original one containing backups, configuration, and log data (a "quick rollback"), or whether /data is a new, clean volume ("full restore").

Quick rollback

When restoring a container to its own latest nightly backup (from the same /data volume), as long as the container's environment is identical, use the following init script:

seqsvr restore -y --from-latest

Full restore

To restore a backup to a completely fresh /data volume, first initialize the volume with:

• The backup file to be restored, under Backups/; the example uses the filename backup.seqbac - use the filename of the backup you're planning to restore; and
• An init script, under Init/, with the following contents:

seqsvr restore -y --enable-apps --secret-key="your-secret-key" --backup="/data/Backups/backup.seqbac"

Substitute your-secret-key for the Base64 encoded secret key discussed earlier in this guide.

📘

When testing backups...

If you're restoring a backup to a temporary location for testing purposes, omit the --enable-apps argument: this will avoid accidentally triggering alerts and other integration points when the restored container starts.