Operations Guide
This guide covers operational procedures for running Enprivacy 3.0, including backup, restore, and reference RTO/RPO targets.
Backup
Section titled “Backup”Backup and recovery is your responsibility as the operator. The following outlines the recommended backup scope and frequency.
What to Back Up
Section titled “What to Back Up”| Component | Description |
|---|---|
| Application database | Primary data store (user data, workspace config, audit logs) |
| Object / blob storage | Uploaded files and attachments |
| Application configuration | Environment variables and secrets (back up separately and securely) |
Recommended Backup Frequency
Section titled “Recommended Backup Frequency”| Component | Recommended frequency |
|---|---|
| Application database | TODO |
| Object / blob storage | TODO |
Restore Procedures
Section titled “Restore Procedures”Restoring the Database
Section titled “Restoring the Database”Restoring Object Storage
Section titled “Restoring Object Storage”Reference RTO / RPO
Section titled “Reference RTO / RPO”These are reference targets for typical reference architectures. Actual values depend on your infrastructure and backup configuration.
| Architecture | RTO | RPO |
|---|---|---|
| Single-node (development) | TODO | TODO |
| High-availability (production) | TODO | TODO |
Database Credential Rotation
Section titled “Database Credential Rotation”The service connects to PostgreSQL using a database user with privileges over the application schema. For improved security, rotate this user’s password regularly using either a single-user or dual-user configuration. See Database Setup in the Deployment Guide.
Durable Storage
Section titled “Durable Storage”The Web, Job, and LLM services cache downloaded models in ~/.cache. Mount this path to durable storage to accelerate restarts. The model cache does not need to be backed up — it can be repopulated from the Hugging Face Hub or pre-loaded as a one-off action.
Health Checks
Section titled “Health Checks”Log Management
Section titled “Log Management”Enprivacy 3.0 emits structured JSON audit logs to stdout. These should be forwarded to your SIEM or log aggregation platform.
Upgrades
Section titled “Upgrades”See the Deployment Guide for upgrade procedures.