Skip to main content

Backups

Deno KV is currently in beta

Deno KV and related cloud primitive APIs like queues and cron are currently experimental and subject to change. While we do our best to ensure data durability, data loss is possible, especially around Deno updates.

Deno programs that use KV require the --unstable flag when launching the program, as shown below:

deno run -A --unstable my_kv_code.ts

KV databases hosted on Deno Deploy can be continuously backed up to your own S3-compatible storage buckets. This is in addition to the replication and backups that we internally perform for all data stored in hosted Deno KV databases to ensure high availability and data durability.

This backup happens continuously with very little lag, enabling point-in-time-recovery and live replication. Enabling backup for KV databases unlocks various interesting use-cases:

  • Retrieving a consistent snapshot of your data at any point in time in the past
  • Running a read-only data replica independent of Deno Deploy
  • Pushing data into your favorite data pipeline by piping mutations into streaming platforms and analytical databases like Kafka, BigQuery and ClickHouse

Configuring backup to Amazon S3

First you must create a bucket on AWS:

  1. Go to the AWS S3 console
  2. Click "Create bucket"
  3. Enter a bucket name and choose a AWS region, then scroll down and click "Next"

Then, create an IAM policy with PutObject access to the bucket, attach it to an IAM user, and create access keys for that user:

  1. Go to the AWS IAM console
  2. Click "Policies" in the left sidebar
  3. Click on "Create policy"
  4. Select the "JSON" the policy editor and paste the following policy:
    {
    "Version": "2012-10-17",
    "Statement": [
    {
    "Sid": "KVBackup",
    "Effect": "Allow",
    "Action": "s3:PutObject",
    "Resource": "arn:aws:s3:::<bucket-name>/*"
    }
    ]
    }
    Replace <bucket-name> with the name of the bucket you created earlier.
  5. Click "Review policy"
  6. Enter a name for the policy and click "Create policy"
  7. Click "Users" in the left sidebar
  8. Click "Add user"
  9. Enter a name for the user and click "Next"
  10. Click "Attach policies directly"
  11. Search for the policy you created earlier and click the checkbox next to it
  12. Click "Next"
  13. Click "Create user"
  14. Click on the user you just created
  15. Click "Security credentials" and then "Create access key"
  16. Select "Other", then click "Next"
  17. Enter a description for the access key and click "Create access key"
  18. Copy the access key ID and secret access key and save them somewhere safe. You will need them later, and you will not be able to retrieve them again.

Now visit the Deno Deploy dashboard, and click on the "KV" tab in your project. Scroll to the "Backup" section, and click on "AWS S3". Enter the bucket name, access key ID, and secret access key you created earlier, and the region the bucket is in. Then click "Save".

add backup to dashboard

The backup will start immediately. Once the data has been backed up, and continous backup is active, you will see the status change to "Active".

Configuring backup to Google Cloud Storage

Google Cloud Storage (GCS) is compatible with the S3 protocol, and can also be used as a backup target.

First you must create a bucket on GCP:

  1. Go to the GCP Cloud Storage console
  2. Click on "Create" in the top bar
  3. Enter a bucket name, choose a location, and click "Create"

Then, create a service account with Storage Object Admin access to the bucket, and create an HMAC access key for the service account:

  1. Go to the GCP IAM console
  2. Click on "Service accounts" in the left sidebar
  3. Click on "Create service account"
  4. Enter a name for the service account and click "Done"
  5. Copy the email for the service account you just created. You will need it later.
  6. Go to the GCP Cloud Storage console
  7. Click on the bucket you created earlier
  8. Click on "Permissions" in the toolbar
  9. Click "Grant access"
  10. Paste the email for the service account you copied earlier into the "New principals" field
  11. Select "Storage Object Admin" from the "Select a role" dropdown
  12. Click "Save"
  13. Click on "Settings" in the left sidebar (still in the Cloud Storage console)
  14. Click on the "Interoperability" tab
  15. Click on "Create a key for a service account"
  16. Select the service account you created earlier
  17. Click "Create key"
  18. Copy the access key and secret access key and save them somewhere safe. You will need them later, and you will not be able to retrieve them again.

Now visit the Deno Deploy dashboard, and click on the "KV" tab in your project. Scroll to the "Backup" section, and click on "Google Cloud Storage". Enter the bucket name, access key ID, and secret access key you created earlier, and the region the bucket is in. Then click "Save".

The backup will start immediately. Once the data has been backed up, and continous backup is active, you will see the status change to "Active".

Using backups

S3 backups can be used with the denokv tool. Please refer to the documentation for more details.