Eppalock View on Heroku
d

Offsite Postgres backups for Heroku

Automated offsite backups for data protection and compilance

Eppalock is a Heroku Add-On installed via the Heroku platform:

View on Heroku

How it Works

Eppalock is simple to install and configure - then your backups are on autopilot

Eppalock is a verified Heroku Add-On which can only be installed from the Heroku Elements store. Once installed, we'll generate an encryption key and ask for a read only connection string for your Postgres database and your AWS details.

We'll then generate an encrypted backup of your database on Heroku resources, depending on a schedule you define or when you backup manually.

Your encrypted backups are then safely sent to AWS from Heroku directly - not via our servers.

How do offsite Heroku backups work?
    1. 1

      Secure dyno is created on Heroku

    2. 2

      Postgres backup is taken

    3. 3

      Backup is encrypted

    4. 4

      Backup is sent to your AWS S3 bucket

  2. Stored on s3

  3. 5

    You're notified

Encrypted postgres backups on heroku

End-to-End Encryption

Eppalock prioritizes encryption to keep your data safe - even at rest

Automated and manual backups occur on a Heroku dyno owned by you. Using an encryption key stored on Heroku, the backup is encrypted using AES-256-CBC before it is sent offsite.

Automatic and Manual Backups

Choose when to backup your Postgres database automatically or on demand

Your Postgres database can be backed up offiste automatically monthly, weekly, daily or hourly. With a single click, you can also backup your database whenever you choose.

Automated and manual backups for your Heroku Postgres database
Why do heroku offsite backups matter?

Why Offsite Backups are Important

Having all your eggs in one basket isn't a good idea - especially when it comes to your data

Your security and compliance requirements may require you to keep a backup offsite and away from your primary database. Eppalock makes this easy and secure.

If your primary database is compromised, you can restore from a backup that is stored offsite and encrypted.

Eppalock is a Heroku Add-On installed via the Heroku platform:

View on Heroku

Frequently Asked Questions

How is this different to Heroku Postgres Backups?

Heroku has a rolling backup for your Postgres database, which is great! But it's stored on the same infrastructure the database itself.

If someone on your team (or Heroku themselves) accidentally deletes your database, your backups will be deleted with it, which means you won't be able to restore your data.

If there's an issue with your Heroku account - you could lose access to it due to red tape or it could get accidentally deleted, you will no longer have access to any database backups. This makes it impossible for you to restore your database on another service.

Eppalock mitigates the above converns by storing your backups indpenent to your Heroku account and infrastructure. If your database is deleted or if you're locked out of your Heroku account, your Epploack backups are safe and accessible for actioning at all times.

Can we backup large databases?

Yes! We follow Heroku's best practice and take the database backup on a seperate dyno to your main application. This allows databases - even very big ones - to be backed up without having an impact on your main apps performance or stability.

Can we provide our own encryption key?

Yes! We'll generate an encryption key for you during the onboarding process, but you can replace it with a key of your choice. If you have strict regulations around what qualifies as an encryption key, provide your own!

Do you rotate encryption keys?

Rotating keys is a good security practice - and if you provide your own key, you can rotate it as often as you like. We don't store encryption keys on our servers or maintain a encryption key log, so you'll need to keep track of which backups have been encrypted with which key (so you can decrypt them later!)

Can we store our backups somewhere apart from s3?

Not for now, but we're working on it! We're planning to support Google Cloud and Auzre Storage in the future. Not only that - we also plan on offering storage on our own services, with less configuration and spending (especially if you don't have a cloud account with an existing service!). If you're interested in this, or a different storage option, let us know!

Do you delete backups?

Not by default, but we can! Eppalock can automatically delete backups older than a day, week or month at your discretion. Enabling this feature will help keep your storage costs to a minimum, while maintaining the backups critical for your data protection.

Eppalock