Restore Drills

Restores are designed to be explicit manual operations. Every restore command requires:

KAMAL_BACKUP_ALLOW_RESTORE=true

For production-adjacent drills, run restore commands through the backup accessory so they use the same image and tool versions as scheduled backups. A local gem install is useful when the restore target is reachable from your laptop and you want one command to pull from restic and run the database restore client locally.

Database restores

Database restores use restore-specific environment by default. They do not restore to DATABASE_URL.

PostgreSQL:

bin/kamal accessory exec backup \
  --env KAMAL_BACKUP_ALLOW_RESTORE=true \
  --env RESTORE_DATABASE_URL=postgres://app@app-db:5432/app_restore \
  "kamal-backup restore-db latest"

MySQL/MariaDB:

bin/kamal accessory exec backup \
  --env KAMAL_BACKUP_ALLOW_RESTORE=true \
  --env RESTORE_DATABASE_URL=mysql2://app@app-mysql:3306/app_restore \
  "kamal-backup restore-db latest"

SQLite:

bin/kamal accessory exec backup \
  --env KAMAL_BACKUP_ALLOW_RESTORE=true \
  --env RESTORE_SQLITE_DATABASE_PATH=/restore/db/restore.sqlite3 \
  "kamal-backup restore-db latest"

Restore targets that look production-like are refused unless:

KAMAL_BACKUP_ALLOW_PRODUCTION_RESTORE=true

File restores

File restores default to /restore/files:

bin/kamal accessory exec backup \
  --env KAMAL_BACKUP_ALLOW_RESTORE=true \
  "kamal-backup restore-files latest /restore/files"

Restoring into configured backup paths is refused unless:

KAMAL_BACKUP_ALLOW_IN_PLACE_FILE_RESTORE=true

Use restore drills regularly. A backup that has never been restored is only an assumption.