Skip to content

Node Backups

Kaleido nodes can be configured with a backup configuration, offering an on demand gateway for exporting node data into a customer’s cloud storage target. Backups not only provide an added persistence layer for the ledger, but also allow customers to access the otherwise unsurfaced signing keys and chain data and take full possession of their node contents. The following cloud storage types are supported as node backup targets:

  • AWS S3 Bucket
  • Azure Blob Storage

Customer Cloud Account Configuration

AWS S3 bucket

Configure an S3 Bucket in AWS Console

  • Log into the AWS console and navigate to the S3 Service in the Storage category.
  • Provide a compliant DNS name for your bucket and follow the pop up instructions for further configuration and permissions. Kaleido does not enforce restrictions on the bucket configuration (e.g. object encryption). Review your configurations and click Create bucket to provision the storage resource.
  • Next, navigate to your IAM service and provision a custom S3 policy for one of your IAM users.
  • In the lefthand navigation panel select Policies and click Create policy at the top of the screen
  • Choose S3 as the Service and enable write access in its entirety. This can be done by simply clicking the box next to Write.
  • Create a name for the policy and review it, ensuring that you have provided full write access. Click Create policy to finish.
  • Next, click the Users tab in the navigation panel to attach the newly created custom policy to an existing user.
  • Click the Add Permissions button and select the Attach existing policies directly option
  • Enter you custom policy name into the search bar and select it. Click Next: Review to finalize the user permissions and enable the custom policy against your selected user.

AWS S3 Pre-signed URL

Alternatively, you can generate a one-time Pre-signed URL for a file in a S3 bucket and provide that as the target for the upload of the backup. If you choose to use this mechanism to trigger a backup, the node need not be pre-configured with a S3 backup destination. This feature is only available via the API at this time. Below is a js code snippet that uses the aws-sdk nodejs package that you may use to generate a Pre-signed URL for your S3 bucket

'use strict';

const AWS = require('aws-sdk');
const Axios = require('axios');

const s3 = new AWS.S3({
  apiVersion: '2006-03-01',
  sslEnabled: true,
  accessKeyId: '<your S3 bucket access key>',
  secretAccessKey: '<your S3 bucket secret>',
  region: '<region>'

async function createURL(params) {
  var params = {
    Bucket: '<bucket name>',
    Key: '<file name for backup>'
  let url = await s3.getSignedUrl('putObject', params);
  return url;

  .then(async (url) => {
    console.log(`URL: ${url}`);
    return url;
  .catch(err => {
    console.error(`Presigning request encountered an error ${err}`);

Azure Blob Storage

Configure an Azure Blob Storage account

  • Log into the Azure Portal and click on Storage Accounts.
  • Click on the Storage Account that you wish to configure as the backup target. If you need to create a Storage Account, please refer to the following documentation.
  • Click on Access Keys below Settings in the left hand navigation. You will need the Key when configuring the backup target.
  • Click on the Containers below Blob Service in the left hand navigation. Note down the Container Name that you will use as the backup target. Kaleido will upload a backup tar file to this container each time a backup operation is triggered on the node.

Configuration in Kaleido

Create Backup Configuration in Kaleido environment

The next step is to create a Backup configuration in your Kaleido environment. Backup configuration is per membership and can be attached to any nodes belonging to the membership. To create a Backup Configuration using API, refer to the following API Documentation. To create a Backup Configuration in the Kaleido Console, navigate to Cloud Configurations->Backup Store under Manage Resources in the left hand navigation of your environment dashboard.

Backup Store Configuration

Click on Add Backup to add a new Backup Store configuration. Select the membership for which this Backup Store configuration is applicable and provide a name for the configuration. In the next step, select AWS or Azure as the Configuration Provider and enter the relevant details for the Backup Store.

AWS Backup Store

Azure Backup Store

Attach Backup Configuration to Node

To attach a Backup Configuration to a Node using API, refer to the following API Documentation. You can obtain the backup_id for the relevant backup store by querying the configurations API endpoint under the environment.

To attach a Backup Configuation to a Node using the Kaleido Console, navigate to the Backup Store configuation you created in the previous step. Click on the Backup Store that you would like to associate with a node. Click on Attach Runtime at the bottom of the screen and select the Node.

Attach Backup Store

Backup Node Contents

After a backup configuration is created and associated with a node, On-demand backup request can be triggered on the node via Kaleido API. Kaleido uploads a tar zipped file of the node's contents to the AWS S3 bucket when such a backup operation is triggered on the node. Please refer to the API documentation for details on the API request to trigger a backup operation.

If you created a AWS S3 Pre-Signed URL as the backup destination, backup the node content by providing the following detail in the API request. Backup using AWS S3 Pre-Signed URL is not yet available via Kaleido Console. Use the generated Pre-Signed URL as presigned_url request body field in the API request:

    "presigned_url": ""