Backup & Disaster Recovery

How CloudRepo protects your artifacts and metadata, and how to supplement that protection with your own backup strategy.

What CloudRepo Protects Automatically

Artifact Storage (S3 with Versioning)

All artifacts stored in CloudRepo are backed by Amazon S3 with versioning enabled:

Overwrite protection – If an artifact is overwritten, previous versions are retained
Deletion protection – Deleted artifacts can be recovered from version history
Encryption – AES-256 encryption at rest via AWS KMS

This means accidental overwrites or deletions are recoverable. Recovery is support-assisted – contact support@cloudrepo.io with the artifact path and approximate timeframe.

Metadata (DynamoDB with Point-in-Time Recovery)

All repository metadata (repository configurations, user accounts, permissions, webhook settings) is stored in DynamoDB with Point-in-Time Recovery (PITR) enabled on all production tables:

Continuous backups – DynamoDB automatically maintains continuous backups
Point-in-time restore – Metadata can be restored to any second within the recovery window
Recovery is support-assisted – Contact support with details of what needs to be restored

Encryption

All data is encrypted:

At rest – AES-256 encryption for both artifacts (S3) and metadata (DynamoDB)
In transit – TLS 1.2+ for all connections

How Recovery Works

CloudRepo does not offer self-service recovery APIs. If you need to recover artifacts or metadata, contact our support team:

Email support@cloudrepo.io with details:
- What was lost (artifact path, repository name, etc.)
- When the loss occurred (approximate date/time)
- Whether this was a deletion, overwrite, or other issue
Our team investigates using S3 version history and/or DynamoDB PITR
Artifacts or metadata are restored and you are notified

Typical scenarios:

Scenario	How We Help
Accidental artifact deletion	Restore from S3 version history
Accidental artifact overwrite	Restore previous version from S3
Metadata or config loss	Restore from DynamoDB point-in-time recovery
Repository misconfiguration	Restore previous metadata state via PITR

Customer Supplementary Backups

While CloudRepo provides built-in data protection, we recommend maintaining your own supplementary backups for critical artifacts. This follows the principle of defense in depth – your artifacts are important, and having multiple copies in multiple locations is good practice.

Periodic Artifact Exports

Download critical artifacts to your own storage on a regular schedule:

#!/bin/bash
# Export critical artifacts from CloudRepo to local storage
# Run via cron: 0 2 * * 0  /path/to/backup-cloudrepo.sh

BACKUP_DIR="/backups/cloudrepo/$(date +%Y-%m-%d)"
ORG="your-org"
REPO="maven-releases"
CREDS="username:password"

mkdir -p "$BACKUP_DIR"

# Download artifacts using your build tool
# Maven example: mirror to local directory
mvn dependency:copy-dependencies \
    -DoutputDirectory="$BACKUP_DIR" \
    -DrepoUrl="https://${ORG}.mycloudrepo.io/repositories/${REPO}"

echo "Backup completed: $BACKUP_DIR"

Local Build Tool Caching

Configure your build tools to maintain local caches:

Maven (~/.m2/settings.xml):

<settings>
  <localRepository>/path/to/local-cache</localRepository>
</settings>

pip:

# pip caches downloaded packages by default
pip config set global.cache-dir /path/to/pip-cache

npm:

npm config set cache /path/to/npm-cache

Repository Mirroring

For highest availability, mirror critical CloudRepo repositories to a secondary location:

#!/bin/bash
# Mirror a CloudRepo repository to a local Nexus or filesystem
# Adapt to your secondary storage solution

SOURCE="https://your-org.mycloudrepo.io/repositories/maven-releases"
DEST="/mirror/maven-releases"
CREDS="username:password"

# Use wget to mirror the repository structure
wget --mirror \
     --no-parent \
     --user="$CREDS" \
     --directory-prefix="$DEST" \
     "$SOURCE"

CI/CD Pipeline Artifacts

Keep copies of build artifacts in your CI/CD system:

# GitHub Actions example -- archive artifacts alongside CloudRepo upload
- name: Archive build artifacts
  uses: actions/upload-artifact@v4
  with:
    name: release-artifacts
    path: target/*.jar
    retention-days: 90

Incident Communication

During any service incident:

Status page: https://status.cloudrepo.io
Email support: support@cloudrepo.io (mark urgent issues with [URGENT] in subject)

We communicate proactively during incidents, including:

Nature and scope of the issue
Affected services
Expected resolution timeline
Resolution confirmation

Best Practices

Identify critical artifacts – Know which repositories contain release artifacts vs. disposable snapshots
Automate supplementary backups – Schedule periodic exports of critical artifacts to your own storage
Document your recovery plan – Write down what you would do if your primary artifact source were unavailable
Test your backups – Periodically verify that your supplementary backups are usable
Keep credential backups secure – Store CloudRepo credentials in your secret management system, not just in CI/CD configs

Support

For data recovery assistance:

Email: support@cloudrepo.io
Urgent: Include [URGENT] in subject line
Status: https://status.cloudrepo.io

Next Steps

Security Hardening - Security best practices
Getting Help & Support - Getting help