PingDirectory

Exporting encryption settings definitions

Use the encryption-settings tool with the export subcommand to export encryption settings definitions.

About this task

The encryption-settings export command creates a portable, passphrase-protected export of one or more encryption settings definitions. You can use encryption settings exports in the following ways:

  • As the preferred method for backing up encryption settings definitions. The export format is portable, does not depend on the cipher stream provider configuration, and can be used across server versions.

  • As a way to transfer encryption settings definitions between servers.

  • As a way to set up new server instances with an appropriate set of definitions. When executing setup, you can use the --encryptDataWithSettingsImportedFromFile and --encryptionSettingsExportPassphraseFile options to enable encryption with definitions from an export file.

Steps

  • To export the encryption settings definitions to a file, use the encryption-settings tool with the export subcommand.

    The subcommand can take the following arguments.

    Arguments Description

    --id <id>

    Specifies the ID to export for the encryption settings definition.

    You can specify this argument multiple times. If it’s omitted, all definitions are exported.

    --output-file <path>(required)

    Specifies the path to the output file to write the encryption settings definition to.

    --pin-file <path>

    Specifies the path to a passphrase file containing the password for encrypting the contents of the exported definition. If this argument isn’t provided, then the PIN is interactively requested.

    Example:

    The following example shows the specific path to an output file for the exported encryption settings definition:

    $ bin/encryption-settings export --output-file /tmp/exported-key
    Enter the PIN to use to encrypt the definition:
    Re-enter the encryption PIN:
    Successfully exported encrpytion settings data to file /tmp/exported-key

    The successful export returns the following:

    Successfully exported encryption settings definition
    F635E109A8549651025D01D9A6A90F7C9017C66D to file /tmp/exported-key