Exporting encryption settings definitions
Use the encryption-settings tool with the export subcommand to export encryption settings definitions.
About this task
The encryption-settings export command creates a portable, passphrase-protected export of one or more encryption settings definitions. You can use encryption settings exports in the following ways:
- As the preferred method for backing up encryption settings definitions. The export format is portable, does not depend on the cipher stream provider configuration, and can be used across server versions.
- As a way to transfer encryption settings definitions between servers.
- As a way to set up new server instances with an appropriate set of definitions. When executing setup, you can use the --encryptDataWithSettingsImportedFromFile and --encryptionSettingsExportPassphraseFile options to enable encryption with definitions from an export file.
Steps
- To export the encryption settings definitions to a file, use the encryption-settings tool with the export subcommand.
  The subcommand can take the following arguments.

  Arguments and their descriptions:

  --id <id>
      Specifies the ID to export for the encryption settings definition. You can specify this argument multiple times. If it's omitted, all definitions are exported.

  --output-file <path>
      (required) Specifies the path to the output file to write the encryption settings definition to.

  --pin-file <path>
      Specifies the path to a passphrase file containing the password for encrypting the contents of the exported definition. If this argument isn't provided, then the PIN is interactively requested.
Example:
The following example exports the encryption settings definitions to the output file /tmp/exported-key. Because --pin-file isn't provided, the PIN is requested interactively:

$ bin/encryption-settings export --output-file /tmp/exported-key
Enter the PIN to use to encrypt the definition:
Re-enter the encryption PIN:
Successfully exported encrpytion settings data to file /tmp/exported-key
The successful export returns the following:
Successfully exported encryption settings definition F635E109A8549651025D01D9A6A90F7C9017C66D to file /tmp/exported-key
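
For unattended backups, the same export can be run with --pin-file instead of the interactive prompt. The wrapper below is an added example, not part of the product documentation: it uses only the export subcommand and the arguments listed above, and it checks the files that protect the exported keys. The function name export_settings, its exit codes, and the server-root argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the product documentation): unattended export using
# --pin-file, with checks on the files that guard the exported keys.
# export_settings and its exit codes are hypothetical; the flags are the ones
# listed in the arguments table.
#
# Usage: export_settings <server-root> <pin-file> <output-file> [id ...]
export_settings() {
    server_root=$1 pin_file=$2 out_file=$3
    shift 3
    tool="$server_root/bin/encryption-settings"

    [ -x "$tool" ] || { echo "not executable: $tool" >&2; return 2; }

    # The passphrase file unlocks every exported definition, so refuse to use
    # it if group or other has any permission bit set (mode columns 5-10).
    [ -f "$pin_file" ] || { echo "missing pin file: $pin_file" >&2; return 3; }
    perms=$(ls -ld -- "$pin_file" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "pin file too permissive" >&2; return 3; }

    # Never overwrite an earlier backup silently.
    [ ! -e "$out_file" ] || { echo "exists: $out_file" >&2; return 4; }

    # Turn each remaining argument into "--id <id>". With no IDs given, no
    # --id is passed and the tool exports all definitions.
    n=$#
    while [ "$n" -gt 0 ]; do
        set -- "$@" --id "$1"
        shift
        n=$((n - 1))
    done

    # umask 077 in a subshell so the export file is created owner-only
    # without changing the caller's umask.
    ( umask 077 && "$tool" export --output-file "$out_file" \
        --pin-file "$pin_file" "$@" ) || return 5

    # An empty or missing file is not a usable backup.
    [ -s "$out_file" ] || { echo "export produced no data" >&2; return 6; }
    chmod 600 "$out_file"
}
```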