Backup and restore secrets

You need the backup of secrets to:

  • Restore DS data backup in the same cluster, either in the same namespace or a different namespace.

  • Use the same secrets in different environments, such as dev, stage, or prod.

  • Use across a topology involving more than one namespace or cluster.

  • Retain secrets between deployments when using Helm.

Do not save secrets in a Git repository as this is a security risk.

There are several ways of backing up and restoring secrets and keys. One of the ways is to use the ForgeOps team provided copy-secrets script in the forgeops/bin directory to copy secrets from a namespace or a cluster to another.

  • If you have ForgeOps deployments in multiple namespaces in a cluster, you can copy all the secrets from one namespace to another in the same cluster:

    $ copy-secrets --source-ns dev-ns --dest-ns test-ns
  • If you have ForgeOps deployments in multiple clusters, you can copy secrets from a namespace in one cluster to another cluster:

    $ copy-secrets \
      --source-cluster my-dev-cluster --source-ns my-ns \
      --dest-cluster my-test-cluster --dest-ns my-ns

Run the copy-secrets --help command to know more about the options available in the command.

Copyright © 2010-2024 ForgeRock, all rights reserved.