Request Demo
Features Use Cases About Documentation Contact Request Demo

Backup & Restore

Protect your configuration with automatic and manual backups

Overview

Warden automatically backs up your configuration daily, so you're always protected against data loss. You can also create manual backups before making major changes, and restore from backup if needed.

What's backed up: User accounts, groups, hosts, host groups, identity providers, policies, portal admins, system settings, licenses, and certificates. Everything needed to fully restore your Warden instance.

Automatic Daily Backups

By default, Warden creates a configuration backup every day at 2:00 AM UTC. These automatic backups are retained for 30 days.

Default Settings

Schedule
Daily at 2:00 AM UTC
Backup Type
Config only (fast, excludes logs)
Retention
30 days
Status
Enabled by default

Changing Backup Settings

  1. Go to Settings > Backup
  2. Adjust the backup schedule (hour of day)
  3. Set retention period (how many days to keep)
  4. Choose backup type (config only or full)
  5. Enable or disable automatic backups
  6. Click Save

Backup Types

Choose the right backup type for your needs:

Config Only

Fast and small. Includes all configuration but excludes authentication logs.

  • Typical size: 1-10 MB
  • Best for: Daily automatic backups
  • Includes: Users, groups, hosts, policies, licenses, certificates
  • Excludes: Auth logs, audit logs, accounting data
folder

Full Backup

Complete backup including all logs. Takes longer and creates larger files.

  • Typical size: 10 MB - 1 GB+ (depends on log volume)
  • Best for: Before major upgrades or migration
  • Includes: Everything from config backup plus all logs
  • Excludes: Nothing

Creating a Manual Backup

Create a backup at any time, such as before making major configuration changes:

  1. Go to Settings > Backup
  2. Click Create Backup
  3. Choose backup type (Config only or Full)
  4. Optionally add notes (e.g., "Before IDP migration")
  5. Click Create

The backup appears in the list once complete. You can download it for off-site storage.

Downloading Backups

Download backups to store them off-site or transfer to another system:

  1. Go to Settings > Backup
  2. Find the backup you want to download
  3. Click the Download button
  4. Enter a password to encrypt the backup file
  5. Save the .wbak file securely

Remember your password! Downloaded backups are encrypted with AES-256-GCM. You'll need the password to restore. Store it separately from the backup file in a secure password manager.

Restoring from Backup

Restore is available during initial setup (factory reset). This ensures a clean restoration without conflicting data.

Restore Process

  1. Factory reset Warden (or start with a fresh installation)
  2. On the Setup Wizard welcome screen, click Restore from Backup
  3. Upload your .wbak backup file
  4. Enter the password used when downloading the backup
  5. Review the backup details (date, version, contents)
  6. Click Restore
  7. Wait for the restore to complete
  8. Log in with your restored admin credentials

Licenses are preserved: Your licenses are included in the backup and will be restored automatically. No need to re-enter license keys.

What's Included in Backups

Configuration Data

  • Portal administrators and certificates
  • Network users and 2FA settings
  • User groups and RADIUS attributes
  • Hosts and host groups
  • Identity providers (LDAP, Azure AD, etc.)
  • Policies and access rules
  • License pools and allocations
  • System settings

Security Data

  • SSL/TLS certificates
  • Encryption keys (secrets.json)
  • Password hashes (never plaintext)
  • 2FA secrets

Full Backup Only

  • Authentication logs
  • Admin audit logs
  • RADIUS accounting data

Best Practices

  • Keep automatic backups enabled - They're lightweight and provide peace of mind
  • Download backups regularly - Store copies off-site (cloud storage, different server)
  • Create manual backups before changes - Always backup before major configuration updates
  • Test your backups - Periodically verify you can restore to a test environment
  • Use strong passwords - Downloaded backups are only as secure as their password
  • Document your passwords - Store encryption passwords in a secure password manager

Troubleshooting

"Invalid password" during restore

What's happening: The password doesn't match what was used to encrypt the backup.

Things to check:

  • Make sure you're using the exact password from when you downloaded
  • Check for extra spaces before or after the password
  • Verify caps lock isn't accidentally on

"Invalid backup format"

What's happening: The file isn't a valid Warden backup.

Things to check:

  • Make sure the file has a .wbak extension
  • Verify the file wasn't corrupted during transfer
  • Ensure you're not uploading an unencrypted backup (downloaded backups are always encrypted)

Backup file too large to upload

What's happening: Full backups with lots of logs can exceed upload limits.

Things to check:

  • Try a config-only backup instead of full backup
  • If using reverse proxy, check your upload size limits
  • Contact support for large backup restoration assistance

What's Next?

Back to Help Overview