Operations, Security & Reliability

Point-in-Time Recovery

Point-in-time recovery reconstructs database state from a consistent base backup plus an unbroken ordered archive of recovery logs, stopping at a chosen target on a new history and then validating the recovered service.
  • A base backup and continuous log archive are one recovery chain.
  • The target must be chosen from business evidence.
  • Archive gaps are hard recovery limits.
  • Recovery creates a new timeline or history.
  • Retention is coupled across base backups, logs, catalog, and keys.
  • Stopping is not finishing.
PITR timeline and branch
Recovery target choices
SelectorUseful whenHazard
Named restore pointapplication/deployment emits a markermarker must precede harmful commit
Transaction/log IDexact offending transaction knowninclude/exclude semantics must be rehearsed
Timestampincident time is boundedclock/time-zone and commit ordering uncertainty
Latest consistenthardware loss without logical corruptionreplays harmful logical change too
Immediate after basetest base independentlylarge RPO by design
PITR rehearsal runbook
1. Freeze deletion and copy archive/catalog evidence; do not overwrite history.
2. Choose a compatible base before the target; verify manifest and keys.
3. Restore into an isolated destination with no production client route.
4. Retrieve every required log in order; fail closed on a gap.
5. Stop before/after the selected event according to rehearsed semantics.
6. Inspect recovery completion and new history/timeline metadata.
7. Validate business state and achieved point; then rebuild replicas and route clients.