Navigation
This documentation refers to the on premises version of MongoDB Charts. For documentation on the MongoDB Charts SaaS application in Atlas, click here.

Back Up and Restore Security Keys

On this page

MongoDB Charts uses a number of keys and tokens to secure your deployment and encrypt sensitive data stored in the Charts metadata database. When you first deploy Charts, new random keys are automatically generated and saved to a Docker volume which persists the keys across container deployments.

Important

If you want to redeploy Charts or move Charts to a new server, you will need to use the original keys in new deployments. If you deploy a new instance of Charts and point it to an existing Charts metadata database used by a previous deployment, the encryption keys will not match and the new instance of Charts will not be able to decrypt the metadata.

To prevent this from occurring, you should back up the encryption keys after the initial deployment and store them in a safe location. For a production Charts deployment you should also back up the data in the Charts metadata database using MongoDB backup methods.

Back Up Keys

To back up the keys, use the following commands to launch a temporary container that copies the key files from the Charts volume to a newly created directory on the host system:

mkdir c:\temp\charts-keys-backup
docker run -it `
  --volume mongodb-charts_keys:/volume `
  --volume /c/temp/charts-keys-backup:/backup `
  alpine sh -c 'cp /volume/* /backup'

Note

This Docker command uses Unix-style paths on Windows.

mkdir /tmp/charts-keys-backup
docker run -it \
  --volume mongodb-charts_keys:/volume \
  --volume /tmp/charts-keys-backup:/backup \
  alpine sh -c 'cp /volume/* /backup'
mkdir /tmp/charts-keys-backup
docker run -it \
  --volume mongodb-charts_keys:/volume \
  --volume /tmp/charts-keys-backup:/backup \
  alpine sh -c 'cp /volume/* /backup'

Important

Once the operation above completes, store the key in a secure location that is not on the Charts server.

Restore Keys

To restore the keys on the host of the new Charts deployment, first copy the keys from the external location to the target host. For example, C:\temp\charts-keys-backup. Then run the following commands before deploying Charts from the docker-compose file:

docker volume create mongodb-charts_keys
docker run -it `
  --volume mongodb-charts_keys:/volume `
  --volume /c/temp/charts-keys-backup:/backup `
  alpine sh -c 'cp /backup/* /volume'

Note

This Docker command uses Unix-style paths on Windows.

To restore the keys on the host of the new Charts deployment, first copy the keys from the external location to the target host. For example, /tmp/charts-keys-backup. Then run the following commands before deploying Charts from the docker-compose file:

docker volume create mongodb-charts_keys
docker run -it \
  --volume mongodb-charts_keys:/volume \
  --volume /tmp/charts-keys-backup:/backup \
  alpine sh -c 'cp /backup/* /volume'

To restore the keys on the host of the new Charts deployment, first copy the keys from the external location to the target host. For example, /tmp/charts-keys-backup. Then run the following commands before deploying Charts from the docker-compose file:

docker volume create mongodb-charts_keys
docker run -it \
  --volume mongodb-charts_keys:/volume \
  --volume /tmp/charts-keys-backup:/backup \
  alpine sh -c 'cp /backup/* /volume'