Backup and Recovery
Required Practice
- Back up the identity database and each service database before deployments and on a scheduled cadence.
- Retain encrypted backup copies separately from live runtime credentials.
- Test restoration procedures before launch and repeat them during routine operations.
Recommended Recovery Model
| Asset | Recovery concern |
|---|---|
| Identity database | User access, roles, refresh tokens, and auth continuity |
| Customer data | Invite redemption history and distributor-customer relationships |
| Game data | Active session continuity and scoreboard state |
| Chat data | Retained archives, legal-hold state, and moderator auditability |
Operational Checklist
- Confirm backup job success.
- Verify encryption and access controls on backup storage.
- Run restore drills in a non-production environment.
- Validate that retention and legal-hold expectations survive restore.
- Record restore outcomes and unresolved issues.
Current Gap
The repo defines backup expectations, but production backup automation, retention schedules, and restore-drill evidence still need to be implemented before launch.