Skip to main content
this document is for:

Deployment: Invicti Platform on-premises

Backup and restore

You can migrate your Invicti Platform on-premises deployment to a new environment such as moving to a different Kubernetes cluster or cloud provider (for example, EKS to AKS) without losing data or configuration.

This document explains how to back up your existing deployment and restore it in a new environment to ensure uninterrupted operation.

Overview

Migrating Invicti Platform to a different environment may be required for infrastructure changes, cloud provider transitions, or hardware upgrades.

The migration process preserves all data and configurations and minimizes downtime.

Goals:

  • Preserve all Invicti Platform data, including configurations, users, and scan results.
  • Minimize service disruption during migration.
  • Ensure the platform operates normally after restoration.

Prerequisites

Before starting the migration, ensure the following:

  • Both the source and target environments meet the system requirements for Invicti Platform on-premises.
  • Both environments have network access to required trustlist domains.
  • Your Helm values file and Kubernetes versions are compatible with supported deployments.
  • You have administrative access to:
    • Both Kubernetes clusters
    • Related storage systems
    • Any external databases (if used)

Step 1: Back up the existing environment

1. Export configuration and values

  • Save your current Helm values file.
  • Back up any custom configuration files.
  • Record environment-specific settings such as:
    • Hostnames
    • Ingress URLs
    • External service endpoints

2. Back up persistent data

  • Snapshot or export the PersistentVolumeClaims (PVCs) used by Invicti Platform (database, file storage, etc.).
  • Scale all StatefulSets down to zero replicas before taking PVC backups to avoid file-system inconsistencies and data corruption.
  • If you use an external database, create a database backup with native tools, for example, pg_dump for PostgreSQL. This isn't required if the database runs inside the cluster.

3. Save encryption keys and secrets

  • Export all Kubernetes secrets related to Invicti Platform:
kubectl get secrets -n <namespace> -o yaml > secrets-backup.yaml
  • Don't back up the Helm release secret sh.helm.release.v1.<release>.v1. Restoring it can cause issues during installation on the new cluster.
  • Store secrets securely—they are required to restore encrypted data and credentials.

Step 2: Prepare the target environment

  • Deploy a new Kubernetes cluster that meets supported version requirements.
  • Ensure access to required trustlist domains and external endpoints.
  • Install required tools:
    • kubectl, Helm, and your cluster’s container runtime (for example, MicroK8s).

Create required infrastructure components:

  • Namespaces
  • Storage classes
  • Networking components (ingress controller, TLS certificates, etc.)

Step 3: Restore the Deployment

1. Restore secrets

  • Create the target namespace.
  • Recreate the secrets from the backup:
kubectl apply -f secrets-backup.yaml -n <namespace>

2. Deploy Invicti Platform

  • Install Invicti Platform using the same Helm chart version as used in the original environment.
  • Use your saved Helm values file. -Update only the environment-specific settings:
    • Cluster name
    • Storage class
    • IP addresses or hostnames
    • Ingress or DNS configuration
  • Document any adjustments required due to infrastructure differences.

3. Restore PVC data

  • Scale StatefulSets down in the target environment before restoring PVC data.
  • Restore PVC snapshots to the new cluster.
  • After the data is restored, scale StatefulSets back up.

4. Validate configuration

  • Confirm all pods are running:
kubectl get pods -n <namespace>
  • Verify that the application is accessible through the configured ingress.
  • Confirm connectivity to external integrations (authentication, issue trackers, repositories, etc.).

Step 4: Verify the Deployment

After the platform starts:

  • Confirm that users, scans, historical data, and configuration are intact.
  • Run a test scan to ensure full functionality.
  • Review logs for errors related to connectivity or configuration.

Post-Migration Notes

  • If the migration changes hostnames or IP addresses, update:
    • DNS records
    • Firewall rules
    • Reverse proxy configuration
    • Integration endpoints
  • Ensure your license remains valid. Contact Invicti Support if your deployment ID changes.
  • Reapply any automation or monitoring configurations tied to the old environment.

Support Scope

Invicti supports:

  • Backup and restoration using official Helm charts and documented procedures.
  • Guidance for updating environment-specific configuration after migration.

Invicti does not support:

  • Custom backup scripts or third-party migration tools.
  • Unofficial modifications to Helm charts or infrastructure templates.

Need help?

Invicti Support team is ready to provide you with technical help. Go to Help Center

Was this page useful?