Cargo A/C
Operations

Backup Schedule

Scheduled database protection for the identity backbone. Wired up last (Phase 10) so backups wrap a stable, fully-built system.

RPO

≤ 5 min

Max acceptable data loss (via PITR)

RTO

≤ 60 min

Max time to restore service

Encryption

AES-256

Dumps encrypted before upload

Retention

12 mo

Longest archive horizon

No backup target connected yet. Jobs below are configured and ready — pick a destination below to activate them.

Scheduled jobs

  • Point-in-time recovery (PITR)

    WAL-based PITR on the auth.cargo.ac backend for second-level rollback.

    Continuous
    pending target

  • Nightly logical dump

    pg_dump of the identity schema, encrypted and uploaded to the backup target.

    Daily · 03:00 UTC
    pending target

  • Weekly full archive

    Complete database snapshot retained on the cold-storage tier.

    Sunday · 04:00 UTC
    pending target

  • Quarterly restore drill

    Automated restore into a staging project to prove backups are recoverable.

    Every 90 days
    planned

Retention policy

  • DailyNightly dump
    30 days
  • WeeklyWeekly archive
    12 weeks
  • MonthlyMonth-end archive
    12 months

Backup target

  • Cloudflare R2

    Zero-egress object storage; aligns with the Cloudflare-hosted DNS.

    Available

  • Amazon S3

    Industry-standard buckets with lifecycle + Glacier tiering.

    Available

  • Backblaze B2

    Low-cost S3-compatible storage for long-term retention.

    Available

  • Other / self-hosted

    Any S3-compatible endpoint via access key + secret.

    Available

Backups are intentionally the final step. Connect a destination above (S3 / Backblaze / Cloudflare R2) and these jobs begin running on schedule with last-run status tracked here.