Skip to content

Backup & Recovery

Database backups, credential safety, and rollback procedures

Last Updated: 2026-02-16 (v4.0.1)

Database Backup

Manual Backup

# Full backup (compressed)
pg_dump -U vitara vitara_platform | gzip > ~/backups/vitara_$(date +%Y%m%d).sql.gz

# Full backup (plain SQL)
pg_dump -U vitara vitara_platform > ~/backups/vitara_$(date +%Y%m%d).sql

Automated Backup

# Add to crontab (daily at 2 AM)
crontab -e

0 2 * * * pg_dump -U vitara vitara_platform | gzip > /home/ubuntu/backups/vitara_$(date +\%Y\%m\%d).sql.gz

Restore

# Restore from compressed backup
gunzip < ~/backups/vitara_20260216.sql.gz | psql -U vitara vitara_platform

# Restore from plain SQL
psql -U vitara vitara_platform < ~/backups/vitara_20260216.sql

Vapi Configuration Backup

The Vapi GitOps directory is the source of truth for voice agent configuration:

# Backup location (gold master prompts)
/home/ubuntu/vitara-platform/backups/vapi-20260210/prompts-v2.4-gold/

# Current config (always up to date)
/home/ubuntu/vitara-platform/vapi-gitops/

The .vapi-state.dev.json file contains resource ID mappings and should be backed up alongside the GitOps config.

Code Rollback

Quick Rollback

cd /home/ubuntu/vitara-platform

# View recent commits
git log --oneline -10

# Checkout previous version
git checkout HEAD~1

# Rebuild and restart
cd admin-dashboard/server
npx tsc
pm2 restart vitara-admin-api

# Verify
curl -s http://localhost:3002/health | jq

Rollback to Specific Version

git checkout <commit-hash>
cd admin-dashboard/server && npx tsc && pm2 restart vitara-admin-api

Warning

After rollback, run npx prisma migrate deploy if the rollback crosses a migration boundary. Check prisma/migrations/ for migration files between versions.

SSL Certificate Renewal

SSL certificates auto-renew via certbot. Verify:

# Check certificate expiry
openssl x509 -in /etc/letsencrypt/live/vitaravox.ca/fullchain.pem -noout -dates

# Force renewal if needed
sudo certbot renew --force-renewal
sudo nginx -s reload

Automated Renewal

# Already configured in crontab
0 3 * * 0 certbot renew --quiet --post-hook "sudo nginx -s reload"

Disaster Recovery Checklist

  • [ ] Database backup available (< 24h old)
  • [ ] Vapi GitOps directory backed up
  • [ ] .vapi-state.dev.json backed up
  • [ ] SSL certificates valid
  • [ ] ENCRYPTION_KEY documented securely (needed to decrypt clinic credentials)
  • [ ] PM2 startup script configured (pm2 save && pm2 startup)