---
title: Configuration export/import
description: The configuration export/import options create and restore a full PingAccess configuration.
component: pingaccess
version: 9.0
page_id: pingaccess:pingaccess_user_interface_reference_guide:pa_configuration_export_import
canonical_url: https://docs.pingidentity.com/pingaccess/9.0/pingaccess_user_interface_reference_guide/pa_configuration_export_import.html
revdate: February 6, 2023
---

# Configuration export/import

The configuration export/import options create and restore a full PingAccess configuration.

You can back up and restore your configuration for disaster recovery or for testing purposes. You can restore your configuration on the same system or a new system, as long as the version used on the restore system is not older than the version used on the backup system, and as long as the backup and restore systems both use application programming interface (API) *(tooltip: \<div class="paragraph">
\<p>A specification of interactions available for building software to access an application or service.\</p>
\</div>)* v3 (PingAccess 5.0 or later).

The configuration backup is stored as a `JSON` file, and contains the entire PingAccess configuration, with the exceptions of the administrative user configuration and the keys used for JSON web tokens (JWTs). It uses the same format as results from the administrative APIs.

|   |                                                                                                                                                                                  |
| - | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | Because the exported `JSON` file contains much of your PingAccess configuration, make sure that the file is safely stored somewhere with appropriate security controls in place. |

Sensitive data, such as secrets and passwords, are encrypted in the backup file. If you have [configured a master key encryptor](https://download.pingidentity.com/public/documentation/pingaccess/server-sdk/8.0/com/pingidentity/sdk/key/MasterKeyEncryptor.html) using the Add-on SDK for Java, the host key file (JWK set) is encrypted and included in the exported data. When running in Amazon Web Services (AWS) *(tooltip: \<div class="paragraph">
\<p>An Amazon subsidiary providing cloud computing platforms.\</p>
\</div>)*, the AWS Key Management Services (KMS) master key encryptor bundled with PingAccess can be configured for master key encryption. See [Configuring PingAccess to use Amazon Key Management Services](../configuring_and_customizing_pingaccess/pa_config_amazon_kms.html) for more information.

You can modify the backup file directly. If you plan to do so, make an unmodified copy of the backup file before you begin.