Backup and restore your authentik instance
This guide outlines the critical components to back up and restore in authentik.
PostgreSQL database
The PostgreSQL database is the most important part of an authentik backup. Without it, authentik cannot be restored to a usable state.
Backup
- Stores all persistent authentik data, including users, policies, flows, and configuration.
- Loss of this database means full application data loss.
- Use PostgreSQL-native tooling such as `pg_dump`, `pg_dumpall`, or continuous archiving.
- Exclude the PostgreSQL system databases `template0` and `template1`.
- Keep backups somewhere other than the database host when possible.
Restore
- Restore the PostgreSQL database before bringing authentik back into service.
- Use PostgreSQL-native restore tooling such as `pg_restore` or `psql`, depending on how the backup was created.
- Verify that the restored database is complete before reconnecting authentik.
For deployment-specific PostgreSQL upgrade runbooks, see:
For PostgreSQL connection settings, TLS, replicas, and pooler compatibility, see the PostgreSQL configuration reference.
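The backup and restore steps above, sketched as shell functions; this is an added example, not authentik's own tooling. The database name, role, backup directory and the table-count check are assumptions, and the restore expects an empty target database with authentik stopped.

```shell
# Added example, not authentik's own tooling. DB_NAME, DB_USER and BACKUP_DIR
# are assumed values; connection details come from PGHOST/PGPORT/~/.pgpass.
DB_NAME="${DB_NAME:-authentik}"
DB_USER="${DB_USER:-authentik}"
BACKUP_DIR="${BACKUP_DIR:-./backups}"

# Write <dump>.sha256 beside the dump so corruption or truncation is detectable.
record_digest() (
    cd "$(dirname "$1")" || exit 1
    f=$(basename "$1")
    sha256sum "$f" > "$f.sha256"
)

# Succeed only if the dump is non-empty and still matches its recorded digest.
verify_dump() (
    [ -s "$1" ] && [ -s "$1.sha256" ] || exit 1
    cd "$(dirname "$1")" || exit 1
    sha256sum -c "$(basename "$1").sha256" >/dev/null 2>&1
)

# Count TABLE entries (not TABLE DATA) in `pg_restore --list` output on stdin.
count_toc_tables() {
    awk '$1 ~ /^[0-9]+;$/ && $4 == "TABLE" && $5 != "DATA" { n++ } END { print n + 0 }'
}

# Dump only the application database, so template0/template1 are never included.
backup_db() (
    umask 077
    mkdir -p "$BACKUP_DIR" || exit 1
    out="$BACKUP_DIR/$DB_NAME-$(date -u +%Y%m%dT%H%M%SZ).dump"
    pg_dump --format=custom --username="$DB_USER" --file="$out" "$DB_NAME" \
        || { rm -f "$out"; exit 1; }
    record_digest "$out" && printf '%s\n' "$out"   # copy both files off-host next
)

# Restore into an empty database, then run a coarse completeness check.
restore_db() (
    verify_dump "$1" || { echo "digest mismatch: $1" >&2; exit 1; }
    expected=$(pg_restore --list "$1" | count_toc_tables) || exit 1
    pg_restore --exit-on-error --username="$DB_USER" --dbname="$DB_NAME" "$1" || exit 1
    actual=$(psql --username="$DB_USER" --dbname="$DB_NAME" -At -c \
        "SELECT count(*) FROM pg_tables WHERE schemaname NOT IN ('pg_catalog','information_schema')") || exit 1
    # Extension-owned tables are absent from the TOC, so actual may exceed expected.
    [ "$actual" -ge "$expected" ]
)
```

A digest stored next to the dump only catches accidental damage; keep a copy of the `.sha256` file separately from the dump if the backup location is not trusted.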
Static directories
These directories are mounted as volumes in containerized installations and must be restored if they were part of the backup to maintain authentik’s expected functionality.
| Directory | Purpose | Backup and Restore Notes |
|---|---|---|
| `/data` | Stores application icons, flow backgrounds, uploaded files, and CSV reports. | Only required if not using S3 external storage. External storage should be backed up using the AWS S3 Sync utility. |
| `/certs` | Stores TLS certificates in the filesystem. | Back up if you rely on these certificates being present in the filesystem. Not needed if authentik has already imported them, as certificates are stored in the database. |
| `/custom-templates` | Stores custom changes to the authentik UI. | Required if you modified authentik's default appearance. |
| `/blueprints` | Stores blueprints. | Optional but recommended if using custom blueprints. |