Backing up the data store: Embedded MariaDB database

The embedded MariaDB database available with the OneSpan Authentication Server installation may be backed up while operational with a command-line procedure.

You can create either logical backups, which contain SQL statements necessary to restore the data, or physical backups, which means copying the individual data files. This topic explains how to create logical backups. For more information, refer to the MariaDB product documentation.

For encrypted databases, also back up the encryption key and password to a secure location!

To create a logical backup of the embedded MariaDB database

1. In Windows, open a Command Prompt window and navigate to %PROGRAMFILES%\VASCO\MariaDB10.11\bin. In Linux, open a terminal and navigate to /usr/bin or /usr/sbin, depending on which Linux distribution you are using.

2. Type the following command:

   mysqldump ‑v ‑‑ssl=TRUE ‑u db_username ‑p db_name  >  backup_filename

   where:

   • ‑‑ssl=TRUE enables secure connections (TLS) for the database connection.
   • db_username is the user account used for database authentication.
   • db_name is the database name, e.g. Identikey Server.
   • backup_filename is the absolute path and name of the file to store the data backup, e.g. ./backup.sql.
   • -v is an optional parameter. Use it to see verbose output when the backup is created.
   • When prompted, provide the password for the database administrator account.

   By default, the following settings apply to the embedded MariaDB database:

   • db_name (default database name) is Identikey Server.
   • db_username (database administrator account name) is digipass.
   • db_password (database administrator account password) is digipassword.

   By default, the logical backup is unencrypted and contains the plain data from the data store. To be GDPR-compliant, we strongly recommend to use OpenSSL or a similar tool to encrypt the backup file. Store backup copies in a secure location, preferably in a secure location without network connectivity and limit the access to the backup files to the individuals who are responsible for backing up and restoring the data.

If you enabled encryption for the embedded database, you should also back up all certificates and private keys used (see Backup of sensitive data (Overview)).

You can create a batch file to automatically create backups at regular intervals (see Backing up the data store: Embedded MariaDB database (without password prompt for batch files)).