How to export Realm app users?

Is it possible to export users from a Realm app?

I want to re-create an app but keep all the app users.

Thanks,
Thomas

Hi,

I want same feature but for resilience data, i want way to export all data from Realm App ( Users, Secret, etc ), encrypted or not i dont care.

Just one way to save all data of one application outside of Mongo.
And if i want to rebuild another Realm App. I want an easy way like import export CLI to do this.

Thanks.

Hi Thomas/Jonathan,

Unfortunately it is not currently possible to move users from one app to another.
This appears to have been suggested as an idea by a different customer on our feedback portal, please feel free to vote on this idea and/or add comments with more information about your business use case.

Also regarding export of secrets, they are intentionally not included in the export process.
Please follow these steps to move them across:

  1. Export app
  2. Import app via CLI (resulting in could not find secret error)
  3. Create the secret manually in the UI of the incomplete-imported app (or via CLI)
  4. Attempt import of app again via cli using realm-cli import --strategy=replace

Regards
Manny

Thanks for response @Mansoor_Omar

Ok but today we didn’t really have sort of backup for realm apps, only code import export, i think it’s very dangerous for any business to not have access of this data.

Can you talking about resilience of data, How data was store ? Where data was store ? If one datacenter shutdown what’s happend to our realm apps ?

Again thanks @Mansoor_Omar for the response, but I really really hope we see export/import of users soon as the user database = business. I don’t even know if the user database is backed up internally.

Depending on your use case, a workaround that might work for now is to back up your users using the Realm Admin API: https://docs.mongodb.com/realm/admin/api/v3/#users-apis – that will however only allow you to recreate users that are using the email / password authentication provider.

An alternative workaround is to use a third party authentication provider which is able to issue a JWT that you can use to authenticate the user towards the Realm server. That third party service might have ways for you to backup and restore users.

2 Likes

Thanks @kraenhansen :).

Okay, so do you know why the API only handles email/password auth? Is it a technical issue not including users authenticated via socal providers or could I submit a suggestion to include them as well?

The issue I have is that users are tightly coupled (physically) to the Realm app and you can’t export them. I can’t just delete the app and recreate it and the scary thing is if the app is lost or stops working. And it prevents me from changing app region.

1 Like

I believe the users endpoint will return all users (independent of their auth provider) but the response won’t contain enough for you to create them again in another Realm app. For obvious security reasons, you can’t retrieve users password in cleartext :slight_smile:

My comment was more that you could “import” them by creating email / password users with a random password that they can reset before logging in. But … this is (as I mentioned) a workaround.

To be completely honest, I share your concern: As a developer you either have to have control over backups of your database of users or good confidence that these are backed up and can be restored in case something goes wrong in the operations. For what it’s worth, MongoDB Realm uses Atlas as its database and as such relies on the backup capabilities of the platform.

I agree that we can definitely improve the documentation and developer experience here.

If we use Realm app, this not for use another external service for authentication :confused:

BTW, for me is not normal, as minimal you have created any backup system like atlas for us. If one day you have any problem with data we lost every links between customer in Realm App and Custom Data in Mongo Atlas. And If we create new users, theirs IDs will change to, and both database will not be sync.

It’s so complicated to give access to Realm App Database ? @kraenhansen

@kraenhansen Got an idea.

You can create encrypted backup, this will not create security breach if only you have keys to decrypt.
We this solution we can backup externaly our realm app users and database.

And if someday we want to backup users, transfert users, change region, restore at point etc.
We just give you this file or select in list of backup like atlas, and you use in background.

1 Like

@kraenhansen ofc, I see your point in not being able to export or retrieve users and password :slight_smile:.

For me I think the use case boils down to being able to re-create the app without loosing the user database.

Although I don’t know how Realm works under the hood, I guess it would be doable to have the option not to delete users if you delete the app. They must share some common key to the app and when you create a new app, you could import an old/existing user database. Then if you want to delete users for good there could be a second place in UI for deleting user collections.

1 Like

I think both are great suggestions.

@kraenhansen Hi,
Do you plan to add one of these feature or similar soon ?

Hi @Jonathan_Gautier – We don’t have any plans to add this in the near term, but we do have an item tracking this request in our feedback forums that you can follow for updates.

2 Likes

Hi,
I probably lack of some knowledge on that topic, but it is stated somewhere above that we can recreate user (for email authentication) to workaround this issue.
I don’t agree with that : this will recreate a new user with a new id.
As documents are partitioned with that specific Id, doing so will present a fresh empty realm to the user and all his previous documents will remain orphans lost in the middle of all other document.

you’ll have to re-link documents with the new owner id manually?
This is also valid for external provider as for auth function.

If you have any issue with your user account, your business will be in great trouble.

IMO, being able to backup user database is a must have even without passwords. Asking users to reset their password is much easier than telling a customer “sorry, due to a missclick/issue, all your data are still safe in the database but we don’t know exactly where…”

regards.

Hi Bruno – In this case, would it be possible to use an Auth Trigger to move documents from the old user to a new user on sign-up? That would allow the migration of data to be able to take place automatically.

Look likes temporary solution … We need better solution to manage users database guys :confused:

@Drew_DiPalma
Hi Drew,

Sure using Auth trigger could help if you have the former user id stored somewhere.
Moreover you will load your cluster a little more as it will run upon auth process for all users.
How long it will run if your DB have more than 50 collections with some conaining thousands of documents ?
If you just loose previous user entry, then you have to manually figure out what former user id was by comparing all existing partition keys to all existing user ids.

If you loose more than one user, you’re stuck.

If you can retrieve the previous entry , then you can create a one shot function to remap partition key. But once more, to do that you must have at least 1 backup ( other than a printscreen of the user list !)

regards,
Bruno

As a quick workaround it could be a good option to get the ability to query all users information from a function (in order to manage backup with a custom function with a schedule ) . it could also allow admins to run cleaning/archiving for unused accounts based on “last login date”.

An ugly solution can be using (as Drew propose) an Auth Trigger to save user critical informations in a collection upon authentication. Unfortunately this could bring some security issues.

regards,
Bruno