Fujitsu Enterprise Postgres enables you to use the five backup and recovery methods described below.
Backup and recovery using WebAdmin
Backup
WebAdmin backs up encrypted data.
Recovery
If you recover to a point in time when the old master encryption key was in use, change to the most recent master encryption key immediately after recovery.
Enable automatic opening of the keystore in accordance with the procedure described in "6.6.2 Enabling Automatic Opening of the Keystore". Then, use WebAdmin to recover the database.
Backup and recovery using the pgx_dmpall and pgx_rcvall commands
Backup
The pgx_dmpall command backs up the encrypted data.
Recovery
If you recover to a point in time when the old master encryption key was in use, change to the most recent master encryption key immediately after recovery.
Configure automatic opening of the key store as necessary.
If automatic opening of the keystore is not enabled, execute the pgx_rcvall command with the --kms-secret option specified. This will display the prompt for the passphrase to be entered.
Dump and restore using SQL
Backup
The files output by the pg_dump and pg_dumpall commands are not encrypted. You should, therefore, encrypt the files using OpenSSL commands or other means before saving them, as described in "5.8 Importing and Exporting the Database" below.
Restore
If the backup data has been encrypted using, for example Open SSL commands, decrypt that data.
The data generated by the pg_dumpall command includes a specification to encrypt tablespaces by default. For this reason, the psql command encrypts tablespaces during restoration.
File system level backup and restore
Backup
Stop the instance and backup the data directory and the tablespace directory using the file copy command of the operating system. The files of encrypted tablespaces are backed up in the encrypted state.
Restore
Stop the instance and use the OS file copy command to restore the data storage directory or tablespace directory.
If you recover to a point in time when the old master encryption key was in use, change to the most recent master encryption key immediately after recovery.
Continuous archiving and point-in-time recovery
Backup
The pg_basebackup command backs up the encrypted data as is.
Recovery
If you recover to a point in time when the old master encryption key was in use, change to the most recent master encryption key immediately after recovery.
Configure automatic opening of the key store as necessary.
If automatic opening of the keystore is not enabled, execute the pg_ctl command to start the instance with the --kms-secret option specified. This will display the prompt for the passphrase to be entered.
See
Refer to "pg_ctl" under "Reference" in the PostgreSQL Documentation for information on the pg_ctl command.
Refer to "Reference" in the PostgreSQL Documentation for information on the following commands:
psql
pg_dump
pg_basebackup
Refer to the Reference for information on the following commands:
pgx_rcvall
pgx_dmpall
pg_dumpall
