Passwordstate Backup Functionality Explained

You’ll have to indulge me upfront this week. I’ve dusted off my old CTO and Management soapbox and here comes the Backups 101 lecture.

Our driving philosophy is Password management should be affordable for everyone. Because it’s important! You’ll see this on our website, social media pages and in correspondence from us.  There’s no escaping the message, it’s not just lip service or a marketing angle, it’s in our DNA. But you know what is also important…backups!

Backups, the creation of a copy of your organization’s data and information, configuration files, anything that is of material significance for your organization, that needs to be recovered in the event of a failure. This includes and is not limited to hardware or software failures, data corruption, human-caused events, virus or malware incidents, upgrades gone wrong… you get the idea here. If you have data/information that is critical for your business, and you don’t have a backup regime that is regularly tested to prove it works, then you may as well not bother with the data or information in the first place! In fact, and you may not have realised this, you are planning for the business to fail!

And here comes the “Click Studios kicker”… that includes backups of your Passwordstate Instance. If you don’t have a backup of both your Web.config file and your Passwordstate database then we won’t be able to assist you in recovering your password credentials! Having current and tested backups of your Passwordstate Instance is critical… now that’s off my chest let me put the soapbox away and get into this week’s blog.

Backups and Results

With the introduction of Passwordstate V9 we’ve introduced a significant number of improvements to features. One of those is Backups and Upgrades. We’ve made significant changes on top, and beneath the covers, to give our customers an even more robust backup solution. In order to do this, we’ve also had to change the method used for backups.

For the uninitiated, the built in Backup functionality is offered to customers as part of the core Passwordstate software. It’s primarily intended for organizations that don’t have an Enterprise Backup solution that caters for Microsoft SQL and File System backups. Additionally, the built-in backup functionality is tightly integrated with our In-Place upgrade, so you’ll always ensure that you’ve successfully captured a backup before an upgrade. The Backups functionality is located by navigating to Administration->Backups and Upgrades,

From here, if you are using the built-in backups feature, you’ll see the status of your backups with either a green tick or red cross. The Backup Detail section will provide summary information on paths used for the backup and any error messages. Beneath the grid there are options for your backup Settings, performing a manual backup using Backup Now and options for notifications, purging logs, verbose logging and performing an upgrade.

Backups and In-Place Upgrade Settings

First let’s look at your backup settings. Passwordstate V9 introduces a range on new settings and options,

The first of these (Green Dot 1) is specifying an Account that is to be used for running the backup and upgrades. The philosophy behind this is consistent with using a Privileged Account Credential for discovery jobs and resets. The benefits include restricting access in Passwordstate to the account details, having a history of change and a known password for the encrypted .ZIP files that are produced.

The account must have sufficient permissions to destination paths, ability to interact with SQL etc. The following table details the permissions required, at the time of writing this blog for Domain Accounts using Network Shares or Local Folders, but please check for any updates here

For Local Accounts using Local Folders the easiest method is to use an Account that is a member of the Local Administrators group on your server. To check for any updates since writing this blog please refer to this document

Backup Schedule and Settings

The second section (Green Dot 2) details the Backup Schedule and Settings. Here you’ll specify you want to;

  • Enable Backups, specify the number of Backups To Keep, the Backup Start Time and to Backup Every selected period
  • Specify the path for the Web Files Backup to be saved to, including where Encryption Keys are backed up to
  • Specify the path for the Database Backup to be saved to
  • If you want to perform a backup at the beginning of all In-Place Upgrades (highly recommended)
  • The ability to deselect Backup Database if your Enterprise Backup solution handles your SQL Database requirements
  • A check box to select if you have installed your Database on a different server to where Passwordstate is installed
  • A check box to select if you want to Backup Split Secrets into a separate .ZIP file at the path specified for Web Files Backup
  • And lastly if you want to Password Protect Backup Zip Files using the Password from the Password Record of the Account used to perform the backup (Green Dot 1 in the image above, again highly recommended).

When using a Domain account both the Web Files and Database backups can be saved to either a Network path or a Local folder. The format for this is \\Server\Share or Drive:\Folder. If you are using a Local Account then only Drive:\Folder is supported.

One additional manual step you may want to consider, especially if you’re not licensed for the High Availability Module, is to keep a print out of the Account Password Record (along with any other accounts that are required to recover systems) in your company safe or wherever you keep a physical print out of these accounts.

Backup File Naming Conventions

Green Dot 3 allows you to specify the prefix for each of the types of backups. The defaults are examples and you can change these to match any internal naming convention. Each of the backups will have the date and time appended to the file name in the format of YYYYMMDDHHMMSS where,

YYYY = Year

MM = Month

DD = Day

HH = Hour (24 Hour Clock)

MM = Minute

SS = Seconds

Test Permissions

Once you’ve entered all the options as they apply to your environment it’s a good idea to test them using the Test Permissions button. This will run through a simulated backup ensuring that the supplied Account has correct permissions, it can write to the paths supplied, PowerSell is the correct version and that it all SQL requirements can be met,

And that’s it. We can’t stress enough the importance of ensuring Passwordstate is backed up successfully. Full instructions on how to configure your backups can be source from our documentation page here

As always, we welcome your feedback via