In this guide, we’ll demonstrate how to manually create and restore Raft snapshots in Vault’s Integrated Storage and configure automated backups with Vault Enterprise.

Prerequisites

  • Vault OSS or Enterprise (v1.10.2+ for scheduled snapshots)
  • Vault Enterprise license (for automated snapshots)
  • CLI access to your Vault server

Manually Taking a Raft Snapshot

Use the vault operator raft snapshot save command to export the entire Vault state into a single file:
vault operator raft snapshot save temp.snap
Verify the snapshot file in your working directory:
[root@ip-10-1-100-135 opt]# vault operator raft snapshot save temp.snap
[root@ip-10-1-100-135 opt]# ls
aws  rh  temp.snap
Each Raft snapshot includes Vault’s complete configuration, metadata, and KV data. Store snapshots in a secure, redundant location.

Restoring from a Snapshot

To restore a Vault node from an existing snapshot, run:
vault operator raft snapshot restore temp.snap
This command rehydrates the Vault node with the state stored in temp.snap.
Restoring from a snapshot overwrites your existing Vault data. Confirm you have a valid backup before proceeding.
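The save and restore commands above, wrapped so that a snapshot is only restored if it still matches the checksum recorded when it was taken. This is an added example, not code from the original guide or from HashiCorp; it assumes sha256sum is installed and that VAULT_ADDR and a token are already set, and the function names and the .partial/.sha256 suffixes are choices made for this example.

```shell
#!/bin/sh
# Added example: checksum-verified snapshot save/restore around the Vault CLI.
# Assumptions: VAULT_ADDR and a valid token are already set; sha256sum is installed.
# Function names and the .partial/.sha256 suffixes are choices made for this example.

# save_snapshot DEST: take a snapshot, keep it owner-only, record its SHA-256.
save_snapshot() {
    dest=$1
    (
        umask 077   # files created below get no group/other permissions
        vault operator raft snapshot save "$dest.partial"
    ) || { rm -f "$dest.partial"; echo "snapshot save failed" >&2; return 1; }
    # A zero-byte file is not a usable backup; do not let it replace a good one.
    if [ ! -s "$dest.partial" ]; then
        rm -f "$dest.partial"; echo "snapshot is empty" >&2; return 1
    fi
    mv "$dest.partial" "$dest"
    # Store the checksum by basename so the pair can be moved together.
    ( cd "$(dirname "$dest")" && umask 077 &&
      sha256sum "$(basename "$dest")" > "$(basename "$dest").sha256" )
}

# verify_snapshot FILE: succeed only if FILE still matches its recorded checksum.
verify_snapshot() {
    file=$1
    [ -s "$file" ] && [ -f "$file.sha256" ] ||
        { echo "missing snapshot or checksum: $file" >&2; return 1; }
    ( cd "$(dirname "$file")" &&
      sha256sum -c "$(basename "$file").sha256" >/dev/null 2>&1 )
}

# restore_snapshot FILE: never overwrite Vault data from an unverified file.
restore_snapshot() {
    verify_snapshot "$1" ||
        { echo "refusing to restore: $1 failed verification" >&2; return 1; }
    vault operator raft snapshot restore "$1"
}

# Entry point: sh snap.sh save FILE | verify FILE | restore FILE
case "${1:-}" in
    save)    save_snapshot "$2" ;;
    verify)  verify_snapshot "$2" ;;
    restore) restore_snapshot "$2" ;;
esac
```

The checksum catches truncation and corruption in storage or transit; it is not a signature. If tampering is a concern, keep the .sha256 file somewhere that writers to the snapshot store cannot modify.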

Configuring Automated Snapshots (Enterprise Only)

Vault Enterprise supports scheduled Raft snapshots via the sys/storage/raft/snapshot-auto/config endpoint. First, confirm you’re running Enterprise:
[root@ip-10-1-100-135 opt]# vault status
Key             Value
---             -----
Version         1.10.2
Cluster Name    vault-cluster
Cluster ID      1234-5678-abcd-efgh
HA Enabled      true
HA Cluster      https://127.0.0.1:8201
Below is an example that schedules hourly local snapshots and retains the last 24 files:
[root@ip-10-1-100-135 opt]# vault write sys/storage/raft/snapshot-auto/config/hourly \
>   interval=1h \
>   retain=24 \
>   storage_type=local \
>   path_prefix=/opt/vault \
>   local_max_space=100

Configuration Fields

Parameter        Description                                            Example
---------        -----------                                            -------
interval         How often to take snapshots (1h, 24h, etc.)            1h
retain           Number of snapshots to keep                            24
storage_type     Storage backend (local, aws-s3, etc.)                  local
path_prefix      Directory path for local snapshot files                /opt/vault
local_max_space  Maximum disk space (MB) allocated for local snapshots  100

List configured snapshot jobs:
[root@ip-10-1-100-135 opt]# vault list sys/storage/raft/snapshot-auto/config
Keys
----
hourly
Verify the local snapshot directory:
[root@ip-10-1-100-135 opt]# ls vault/
raft  vault.db

Using Cloud Storage for Automated Snapshots

To store snapshots in AWS S3, set storage_type=aws-s3 and specify your bucket:
[root@ip-10-1-100-135 opt]# vault write sys/storage/raft/snapshot-auto/config/cloud-daily \
>   interval=24h \
>   retain=24 \
>   storage_type=aws-s3 \
>   aws_s3_bucket=my-snapshot-bucket \
>   aws_s3_region=us-east-1
Additional AWS options:
  • aws_s3_endpoint: Custom S3 endpoint (e.g., VPC endpoint)
  • aws_access_key_id / aws_secret_access_key: IAM credentials (if not using roles)
  • kms_key_id: KMS key for server-side encryption

Summary

You’ve learned how to:
  1. Create and restore one-off Raft snapshots with vault operator raft snapshot.
  2. Configure automated snapshot jobs in Vault Enterprise for both local storage and AWS S3.
Automated Raft snapshots ensure continuous, reliable backups of your Vault data with minimal manual effort.