Operations runbook
Backup & disaster recovery
Cerynix encrypts database and evidence backups with age before writing them. A usable recovery plan also requires off-box copies, an off-box private identity and regular restore tests.
1
Create and protect backups
backup
cd /opt/cerynix/app
scripts/backup.shExpect db.sql.gz.age and evidence.tar.age. Confirm both exist, monitor the scheduled job, and copy them off the VM. Store BACKUP_AGE_IDENTITY separately; losing it makes the encrypted backup unrecoverable.
2
Prove recovery
isolated drill
BACKUP_AGE_IDENTITY=/path/to/cerynix-backup.key \
scripts/restore-drill.shRun drills on a schedule and record RPO, RTO and the application checks performed. Never use production as the first restore test.
3
Recover production
- Declare the incident, select the recovery point and preserve failed-system logs and disks.
- Stop user writes and isolate the target. Verify the chosen backup and matching application release in a recovery environment.
- Restore only during an approved maintenance window:
BACKUP_AGE_IDENTITY=/path/to/cerynix-backup.key \ scripts/restore.sh backups/<timestamp> - Start the matching application version; verify health, login, critical records, evidence objects, reports and integrations before reopening access.
Destructive operation
restore.sh overlays database content. Do not run it against an active production service. Take a safety copy first and keep the incident rollback point.4
After recovery
Record data-loss bounds, timings and validation evidence; rotate exposed credentials; resume off-box backup replication; and update the runbook from the incident review.