The data backup and restoration feature lets you snapshot an HSM's data and restore it to the same or a different HSM — in the same region or across regions. Use it to recover from hardware failures or to replicate data when deploying HSM clusters in a new region. All backup and restoration operations are auditable through ActionTrail.
Each backup creates a complete image of an HSM's data. If an image already contains backed-up data, creating a new backup will overwrite the existing data.
What's included in a backup
| Backup data | Description |
|---|---|
| User information | Account passwords and identity types |
| Certificate information | Cluster certificates and self-signed certificates |
| Keys | Key and its properties: key identifier, key type, key policy, key usage, key status, key owner information, KCV identifier, elliptic curve type (ECC keys only), and CRT parameters (RSA keys only) |
HSM backs up the key material of hardware-protected keys, but not their metadata. Key material is the encrypted key content stored inside the physically isolated HSM. Key metadata — such as the key ID, ARN, KMS instance, and key policy — is stored on KMS and is not included in HSM backups.
How backups work
Only full backups are supported. Incremental backups are not available.
After you enable data backup on day T, the first backup runs at 00:00 (UTC+8) on day T+1. Subsequent backups run daily at 00:00 (UTC+8). Each backup run generates one image. If all image slots are in use, the newest image overwrites the oldest one.
Before generating a new image, HSM compares the current data's digest against the previous image's digest. If they match — meaning HSM data has not changed — no new image is created, preserving your image quota.
Limitations
| Limitation | Details |
|---|---|
| Download restriction | Backups and images cannot be downloaded or inspected in detail, reducing the risk of unauthorized data replication or leakage. |
| Deletion restriction | Backups and images cannot be manually deleted. |
| Automatic deletion | Backups are automatically deleted 90 days after the HSM instance is released. Before deletion, cross-region replication and instance restoration remain available. |
| Cross-region replication scope | Cross-region image replication is only supported outside the Chinese mainland. |
Billing
Enabling data backup is charged at 10 USD per image, based on the number of images you select during purchase or upgrade.10 USD
Enable data backup
HSM must be in Enabled status before you can back up data. Because HSM supports only cluster deployment, you must have at least two HSMs across dual zones. This selection will activate data backup and restoration for all HSMs.
Enable data backup using one of the following methods.
Method 1: Enable during purchase
Select data backup when purchasing an HSM instance. For detailed steps, see Purchase and enable an HSM instance. After activation, backups run automatically on the daily schedule. View generated backups on the Data Backup and Restoration Management page.
Method 2: Enable after purchase
Go to the VSMs page of the Cloud Hardware Security Module console. In the top navigation bar, select a region.
Locate the target HSM and click  > Upgrade in the Actions column.
If Upgrade is not visible, data backup may already be enabled on that HSM.
On the Upgrade/Downgrade page, enable Data Backup and Restoration and select at least two images. Read and agree to the service terms, then click Buy Now and follow the on-screen instructions.
After purchase, backups run automatically on the daily schedule. The Data Backup and Restoration page lists the generated backups.
Copy an image to another region
Cross-region image replication is only supported outside the Chinese mainland. For example, you can copy an image from Singapore to Malaysia (Kuala Lumpur).
When replication completes, a backup labeled Backup Type: Cross-region Copy is automatically created in the destination region.
Go to the Data Backup and Restoration page of the Cloud Hardware Security Module console. In the top navigation bar, select the source region.
In the left-side navigation pane, click Data Backup and Restoration.
In the Actions column of the target backup, click View Image.
Locate the target Image ID and click Cross-region copy in the Actions column.
In the Copy Image dialog box, select the Destination Region and click OK.
Switch to the destination region and open the Data Backup and Restoration page. Hover over the
icon next to the Image ID to see the source backup ID, source image ID, source instance ID, and source image region.Identify the replicated image by its replication timestamp.
This backup aggregates all images replicated from other regions and has no expiration time.
Restore an HSM from an image
HSM supports same-region and cross-region restoration. Restoring from an image reverts an HSM to its state at backup time or initializes a new HSM with that data.
The target HSM must meet all of the following conditions before you start restoration:
Region compatibility: The HSM must be in the same region as the image. For cross-region restoration, copy the image to the target region first.
Type compatibility: The HSM must be the same instance type as the HSM the image was created from.
HSM state:
The HSM must not be part of a cluster.
The HSM status must be
NeworDisabled.The HSM must not be initialized.
Prepare the target HSM instance.
If no HSM exists in the destination region, purchase one. Do not enable the instance after purchase.
If the target HSM is in use, contact Alibaba Cloud technical support to disable and reset it.
Locate the target image on the Data Backup and Restoration page. Go to the Data Backup and Restoration page of the Cloud Hardware Security Module console and select the target region.
Same-region restoration: Find the backup labeled Backup Type: Auto Create and click View Image in its Actions column.
Cross-region restoration: Find the backup labeled Backup Type: Cross-region Copy and click View Image in its Actions column.
Click the target Image ID, then click Restore Instance in the Actions column.
In the Restore Instance dialog box, select the target Instance and click OK.
After restoration completes, the image data is copied to the target HSM.
Common scenarios
Scenario 1: Restore all HSMs in a cluster to a specified date
Restoring a cluster requires removing all HSMs from the cluster first, using images to recreate each HSM, and then redeploying the cluster. This process erases all current data in the cluster. Contact Alibaba Cloud technical support before proceeding.
Scenario 2: Cross-region deployment — replicate HSM data to a new region
To replicate data from an HSM in region A to an HSM cluster in region B, follow the process below. When purchasing HSMs in region B, buy at least two to satisfy the dual-zone deployment requirement. Do not enable or initialize the HSMs after purchase.
