# Ticket: Vaultwarden recovery and restore plan

## Metadata
- Type: Ticket
- Status: Done / restore test passed
- Project: Homelab secrets management
- Created: 2026-06-06
- Updated: 2026-06-06
- Priority: High

## Goal

Create a recovery and restore-test plan for Vaultwarden so vault access can be recovered if the VM, database, credentials, 2FA, or backup path fails.

## Why

A secrets vault is only safe to rely on if recovery material and restore procedures are available outside the vault itself. Restore testing reduces the risk of silent backup failure.

## Scope

Included:
- Define out-of-vault recovery material requirements.
- Define emergency/break-glass ownership and storage references without values.
- Define isolated restore-test target requirements.
- Perform a restore test after basic backups exist.
- Document lockout/incident response steps.

Not included:
- Recording master passwords, recovery codes, backup keys, or token values in git.
- Granting the assistant direct vault access.
- Performing restore tests against production data without isolation.

## Acceptance Criteria

This ticket is done when:
- [x] Recovery material requirements and owner/location references are documented.
- [x] A restore-test target and isolation method are approved.
- [x] A Vaultwarden backup is restored into an isolated target.
- [x] Restored vault usability is verified by the authorized user.
- [x] Production Vaultwarden remains unchanged.
- [x] `docs/server-change-log.md` records the restore test without secret values.

## Questions

- Where should emergency recovery material live outside Vaultwarden?
- Who is the recovery owner?
- What isolated target should be used for restore testing?
- What minimum proof is acceptable for restored vault usability?

## Plan / Next Actions

- [x] Wait until the basic backup plan exists and first backup succeeds.
- [x] Update `runbooks/vaultwarden-restore-test.md` with approved details.
- [x] Create or allocate isolated restore target.
- [x] Restore backup into test target.
- [x] Verify restored vault with user.
- [x] Destroy or preserve restore target as approved — disposable CT 105 destroyed after successful verification.
- [x] Log restore test.

## Notes

- User stated on 2026-06-06 that there is currently no recovery plan and requested a ticket to create one.
- 2026-06-07: Restore test passed using disposable Proxmox CT 105 `vaultwarden-restore-test`. A fresh backup was temporarily encrypted to both the permanent backup age recipient and a temporary restore-test recipient. The backup decrypted and restored in CT 105, HTTPS test endpoint responded, the user confirmed login, production remained healthy, and CT 105 was destroyed.
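
The dual-recipient step from the 2026-06-07 note, as an added example. It is not the commands actually run for this ticket and is not taken from `runbooks/vaultwarden-restore-test.md`. It assumes the `age` and `age-keygen` CLIs are installed; the file names, the locally generated stand-in for the permanent recipient, and the sample archive are all constructed for illustration.

```shell
# Round trip: encrypt one backup to two age recipients, then prove that the
# temporary restore-test identity alone can recover byte-identical content.
# Exit status: 0 = verified, 1 = failure or mismatch, 3 = age tooling missing.
restore_test_roundtrip() (
    command -v age >/dev/null 2>&1 || exit 3
    command -v age-keygen >/dev/null 2>&1 || exit 3

    umask 077                                # key files readable by owner only
    work=$(mktemp -d) || exit 1
    trap 'rm -rf "$work"' EXIT               # temporary identity dies with the test
    cd "$work" || exit 1

    # Constructed stand-in for the Vaultwarden backup archive.
    printf 'constructed sample backup\n' > backup.tar

    # Stand-in for the permanent backup key pair (assumption: in real use only
    # its public recipient string is present on the backup host).
    age-keygen -o permanent.key 2>/dev/null || exit 1
    # Temporary identity created only for this restore test.
    age-keygen -o restore-test.key 2>/dev/null || exit 1
    perm_rcpt=$(age-keygen -y permanent.key) || exit 1
    temp_rcpt=$(age-keygen -y restore-test.key) || exit 1

    # One ciphertext, two recipients: either identity can decrypt it.
    age -r "$perm_rcpt" -r "$temp_rcpt" -o backup.tar.age backup.tar || exit 1

    # The restore target never receives the permanent identity.
    rm -f permanent.key

    # Inside the isolated target: decrypt with the temporary identity only.
    age -d -i restore-test.key -o restored.tar backup.tar.age || exit 1

    # Restored content must match the original byte for byte.
    cmp -s backup.tar restored.tar
)
```

Routine backups would continue to be encrypted to the permanent recipient only; the second `-r` is added just for the backup taken for the restore test.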
