Skip to content

Management Interface: backup

This command makes a backup of the Enterprise server and any deployed add-on services (e.g. WARP).

Typical Usage

Running ./manage_server backup by default will create a bn_enterprise_backup.tar with all database and object store contents in it, plus some associated metadata used during the restore process. The server must be running while this backup is completed.

Warning

This command does not backup any files that are outside of the containers! Your licenses and crypto keys must be backed up separately!

When restoring, the server will use the new credentials from that install, so you shouldn't need things in secrets/, but you may want to back those up as well.

Additional Considerations

An older backup can be restored to a newer Enterprise server. Once the backup has been loaded, database migrations will be applied to bring the older database up to the newer version.

Danger

A backup from a newer Enterprise server cannot be restored to an older version of the Enterprise server.

Warning

Backup format version 0 files (from v1.0.43 or earlier) are no longer supported as of v2.0 of the Enterprise server. Contact support if you need assistance restoring from one of these older backups.

Command Help

Archive Enterprise server data (requires server to be running)

Usage: manage_server backup [OPTIONS]

Options:
  -f, --file <file>                      [default: bn_enterprise_backup.tar]
      --swarm[=<STACK_NAME>]             Operate in docker swarm mode [env: ENTERPRISE_STACK_NAME=]
      --registry-host <HOSTNAME>         Hostname of custom registry [env: ENTERPRISE_REGISTRY_HOST=registry.internal.v35.us] [default: registry.enterprise.binary.ninja]
      --stdout                           Stream the backup archive to stdout instead of writing to disk
      --registry-username <USER>         Username for custom registry [env: ENTERPRISE_REGISTRY_USERNAME=]
  -y, --yes                              Assume 'yes' for backup confirmations (overwrite target file) [aliases: --force, --force-yes]
      --no-wait                          Skip readiness checks inside the backend container before backup
      --registry-password <PASSWORD>     Password for custom registry [env: ENTERPRISE_REGISTRY_PASSWORD=]
      --docker-host <HOST>               Overrides the default Docker/Podman Unix socket [env: DOCKER_HOST=]
      --wait-timeout <wait-timeout>      Timeout in seconds for readiness checks inside the backend container [default: 60]
      --container-engine <ENGINE>        Container engine to use for deployments (docker or podman) [env: ENTERPRISE_CONTAINER_ENGINE=docker] [default: docker] [possible values: docker, podman]
  -l, --license-file <license-file>      Path to Binary Ninja license file [env: ENTERPRISE_SERVER_LICENSE_FILE=] [default: license.dat]
  -b, --license-bundle <license-bundle>  Local path to Enterprise client floating license bundle [env: ENTERPRISE_SERVER_LICENSE_BUNDLE_FILE=] [default: license-bundle.b64]
      --uid <uid>                        User ID used for data and tasks (defaults to current User ID) [env: ENTERPRISE_SERVER_UID=]
      --gid <gid>                        Group ID used for data and tasks (defaults to current Group ID) [env: ENTERPRISE_SERVER_GID=]
  -h, --help                             Print help

Database Options:
      --db-name <NAME>           Name of database to use [env: ENTERPRISE_DATABASE_NAME=] [default: binaryninja_enterprise]
      --db-host <HOSTNAME>       Name of host to use when connecting to database [env: ENTERPRISE_DATABASE_HOST=] [default: database]
      --db-port <PORT>           The port to use when connecting to database [env: ENTERPRISE_DATABASE_PORT=] [default: 5432]
      --db-user <USERNAME>       The user to use when connecting to database [env: ENTERPRISE_DATABASE_USER=] [default: binaryninja_enterprise]
      --db-password-file <FILE>  Path to file containing password to authenticate with the database [env: ENTERPRISE_DATABASE_PASSWORD_FILE=] [default: ./secrets/db_password]

Key-Value Store Options:
      --redis-url <URL>  URL to use when connecting to message broker [env: ENTERPRISE_KV_STORE_URL=] [default: redis://redis:6379]

Object Store Options:
      --object-store-bucket-name <BUCKET>    Object store bucket name (must be between 3 and 63 characters, only using lowercase letters, numbers, dot, and hyphen) [env: ENTERPRISE_OBJECT_STORE_BUCKET_NAME=] [default: binaryninja-enterprise]
      --object-store-endpoint-url <URL>      Object store endpoint URL [env: ENTERPRISE_OBJECT_STORE_URL=] [default: https://object-store:8333]
      --object-store-access-key-file <FILE>  Path to file containing the access key ID to use when authenticating with the object store [env: ENTERPRISE_OBJECT_STORE_ACCESS_KEY_FILE=] [default: ./secrets/object_store_access_key_id]
      --object-store-secret-key-file <FILE>  Path to file containing the secret access key to use when authenticating with the object store [env: ENTERPRISE_OBJECT_STORE_SECRET_KEY_FILE=] [default: ./secrets/object_store_secret_access_key]

Note

Please remember that the user running this command must have permissions to run docker commands for it to complete successfully.