For Windows instructions, see Backup and Restore on Windows.
Seq creates daily backups of metadata and configuration, including API keys, users, signals and apps. Events are not backed up by this process - use the replication, JSON archive or file archive apps for redundant event storage if necessary.
To protect sensitive information, Seq applies AES-256 encryption to backup files.
An encryption key is required when restoring backups: please ensure you follow the instructions below for initializing, or retrieving and storing, the encryption key.
Seq backups are encrypted using AES-256 with the Seq server's secret key, and cannot be restored unless the correct secret key is specified.
The best way to obtain the encryption key is to generate and save it the when the container is first initialized. The key can be generated on any machine using the following command:
docker run --rm -it datalust/seq show-key --generate
This will produce a string like
8D2RNAbAgmV7ur8nQCLT7PlCWCk+kW488nSg3Narj/4=. When the container is initialized for the very first time, with a clean storage volume, this can be placed in the
SEQ_STORAGE_SECRETKEY environment variable. See The Secret Key for more information about this approach, and other key storage options.
If the container has already been initialized without a secret key being specified, the key can be retrieved interactively in the container by obtaining a shell prompt and running:
The key is a base-64 encoded value. Save this in a secure location so that backups can be restored.
Seq will automatically back up configuration on a daily basis. The
.seqbac files created are stored in the Backups/ directory under the Storage root path.
Backups can be retrieved directly from disk, or downloaded from the web UI in Settings > Backups.
Seven days of backups will be retained, after which Seq will delete the oldest backup file when new backups are created.
Backup settings can be customized in Settings > Backup > Backup Settings.
When specifying the time of day at which to back up, UTC is used.
To restore from backup, use an Init script to run commands in the container. After placing the script in
Init/ under the mounted
/data volume, restart the container or pod and Seq will run the script.
The restore process depends on whether the
/data volume is the original one containing backups, configuration, and log data (a "quick rollback"), or whether
/data is a new, clean volume ("full restore").
When restoring a container to its own latest nightly backup (from the same
/data volume), as long as the container's environment is identical, use the following init script:
seqsvr restore --from-latest
To restore a backup to a completely fresh
/data volume, first initialize the volume with:
- The backup file to be restored, under
Backups/; the example uses the filename
backup.seqbac- use the filename of the backup you're planning to restore; and
- An init script, under
Init/, with the following contents:
seqsvr restore --secret-key="your-secret-key" --backup="../Backups/backup.seqbac" --enable-apps
your-secret-key for the Base64 encoded secret key discussed earlier in this guide.
When testing backups...
If you're restoring a backup to a temporary location for testing purposes, omit the
--enable-appsargument: this will avoid accidentally triggering alerts and other integration points when the restored container starts.
Updated over 1 year ago