Skip to main content

Vault API backup and restore

Vault provides two commands that can be used to backup and restore data: vault export and vault import. These commands are designed to:

  • Backup data to a file or remote storage location
  • Restore data from a file or remote storage location
  • Migrate data from one Vault cluster to another

Creating the export file is highly sensitive, as it enables the user doing the export do access to all the data in Vault. For that reason, the export command requires export permissions. In addition, getting data out of Vault is rate-limited to prevent a malicious user from accessing all the data in Vault. To lift this limitation, you need to create the appropriate key in the KMS.

Only objects are supported for export and import. Token support is Coming soon 🎁