Configuring SFTP backup settings for a fresh install of the Management subsystem on OpenShift or Cloud Pak for Integration

Configure SFTP backups for the API Connect Management subsystem that you will deploy in your OpenShift or Cloud Pak for Integration environment.

Before you begin

If the APIConnectCluster instance is already created, do not use these instructions. Instead, add the Management backup configuration by following the instructions in Reconfiguring or adding backup settings after installation of the management subsystem on OpenShift and Cloud Pak for Integration.

About this task

Beginning with API Connect, when creating an instance of API Connect, you can use the advanced configuration settings to configure database backups for the Management subsystem.


  1. Create a backup secret.

    The backup secret is a Kubernetes secret that contains your credentials for accessing the SFTP backup database. Supported credentials types:

    • Username and password ( or later).
    • Username and SSH-key ( or later). Only OpenSSH keys are supported.1

    Use one of the following commands to create the secret:

    • Username and password credentials
      $ oc create secret generic mgmt-backup-secret --from-literal=username='<YOUR USERNAME>' 
      --from-literal=password='<YOUR PASSWORD>' -n <namespace-of-mgmt-subsystem>
    • Version or later: Username and SSH-key credentials:
      $ oc create secret generic mgmt-backup-secret --from-literal=username='<YOUR USERNAME>'
       --from-file=ssh-privatekey='<YOUR PRIVATEKEY FILE>' -n <namespace-of-mgmt-subsystem>
  2. Configure th Management backup settings.

    Create the APIConnectCluster installation CR and add the Management backup configuration using one of the following methods:

    • OpenShift web console:
      1. Navigate to Advanced Configuration > ManagementSubsystem > Advanced Configuration > Database Backups > Advanced Configuration
      2. See the on-screen instructions for how to fill in each field. See also Management subsystem settings.

        The following fields are unique to SFTP backup configuration:

        • Server port. Default is 22.
        • The fields in the Restart Database section. Changing SFTP (protocol) backup configures does not involve any downtime.
        • Retries.
    • Cloud Pak Platform Navigator:
      1. In Platform Navigator for the API Connect cluster instance, select Configuration. On the UI Form tab, set Advanced Options to On.
      2. See the on-screen instructions for how to fill in values for:
        • Credentials
        • Server Hostname
        • Path
        • Server Port
        • Protocol
        • Retries
        • Schedule

        For more information, see Management subsystem settings.

    • YAML file: Use Table 1 for guidance while you define the backup settings as shown in the following example.
            protocol: sftp
            host: <SFTP-host-name>
            port: <SFTP-port>
            path: apic-backup
            retries: 0
            credentials: mgmt-backup-secret
            schedule: "0 3 * * *"
      Table 1. Backup configuration settings
      Setting Description
      protocol The type of the backup. For SFTP storage: sftp.
      host The backups host. For sftp type, the SFTP server hostname
      port The SFTP server port. Optional. Default: 22.
      path The path to the location of the backup. For sftp type, the folder name on the SFTP server.
      retries The number of times the ibm-apiconnect Operator attempts backups in the event of a failed SFTP backup.

      Default value: 0.

      credentials Name of the Kubernetes secret containing your SFTP Username/password. For Version or later, the Kubernetes secret can contain your SFTP Username and SSH key.
      schedule Cron like schedule for performing automatic backups. The format for the schedule is:
      • * * * * *
      • - - - - -
      • | | | | |
      • | | | | +----- day of week (0 - 6) (Sunday=0)
      • | | | +------- month (1 - 12)
      • | | +--------- day of month (1 - 31)
      • | +----------- hour (0 - 23)
      • +------------- min (0 - 59)

      The timezone for backups is that of the node on which the postgres-operator pod is scheduled.

      There is no default backup schedule set. Be sure to set your backup schedule.

      All scheduled Management subsystem backups are of type full only.

1 PuTTY style keys can be converted to OpenSSH by using the PuTTY Key Generator (PuTTYgen) application; see