Operations, Security & Reliability
Point-in-Time Recovery
Point-in-time recovery reconstructs database state from a consistent base backup plus an unbroken ordered archive of recovery logs, stopping at a chosen target on a new history and then validating the recovered service.
- A base backup and continuous log archive are one recovery chain.
- The target must be chosen from business evidence.
- Archive gaps are hard recovery limits.
- Recovery creates a new timeline or history.
- Retention is coupled across base backups, logs, catalog, and keys.
- Stopping is not finishing.
| Selector | Useful when | Hazard |
|---|---|---|
| Named restore point | application/deployment emits a marker | marker must precede harmful commit |
| Transaction/log ID | exact offending transaction known | include/exclude semantics must be rehearsed |
| Timestamp | incident time is bounded | clock/time-zone and commit ordering uncertainty |
| Latest consistent | hardware loss without logical corruption | replays harmful logical change too |
| Immediate after base | test base independently | large RPO by design |
1. Freeze deletion and copy archive/catalog evidence; do not overwrite history.
2. Choose a compatible base before the target; verify manifest and keys.
3. Restore into an isolated destination with no production client route.
4. Retrieve every required log in order; fail closed on a gap.
5. Stop before/after the selected event according to rehearsed semantics.
6. Inspect recovery completion and new history/timeline metadata.
7. Validate business state and achieved point; then rebuild replicas and route clients.