How should we backup the HAT/DB?


#1

Hi all,

the value of the HAT is in the data stored in the Postgres.

Question: How should we backup this database, while ensuring that (or at least minimize) the data is not visible/readable to anyone, even to HPP personnel?

The usual way is to pipe a pg_dump into an encryptor
pg_dump <database> | encrypt

However, providers should not have access to HAT data via pg_x commands.

The alternative is

  1. to backup the entire pg directory (which may itself already be encrypted-at-rest).
  2. to backup the entire container. (which may be too heavy)

Thoughts and comments?

Terry


#2

Hi @Terry_Lee,

The current solution used for the small number of Alpha HATs we currently run is based on Amazon’s Elastic Block Store for users’ databases and hence their snapshot tools for backing up date.

As this is dependent on the infrastructure of each Hat Platform Provider, I think it is up to HAT Platform Providers to implement a solution that would (among other aspects) be later approved/certified by HATDeX.

Best,
Aiste