The encryption-settings export command creates a portable, passphrase-protected export of one or more encryption settings definitions. You can use encryption settings exports in the following ways:

  • As the preferred method for backing up encryption settings definitions. The export format is portable, does not depend on the cipher stream provider configuration, and can be used across server versions.
  • As a way to transfer encryption settings definitions between servers.
  • As a way to set up new server instances with an appropriate set of definitions. When executing setup, you can use the --encryptDataWithSettingsImportedFromFile and --encryptionSettingsExportPassphraseFile options to enable encryption with definitions from an export file.
  • To export the encryption settings definitions to a file, use the encryption-settings tool with the export subcommand.

    The subcommand can take the following arguments.

    Arguments Description

    --id <id>

    Specifies the ID to export for the encryption settings definition.

    You can specify this argument multiple times. If it's omitted, all definitions are exported.

    --output-file <path>(required)

    Specifies the path to the output file to write the encryption settings definition to.

    --pin-file <path>

    Specifies the path to a passphrase file containing the password for encrypting the contents of the exported definition. If this argument isn't provided, then the PIN is interactively requested.

    The following example shows the specific path to an output file for the exported encryption settings definition:

    $ bin/encryption-settings export --output-file /tmp/exported-key
    Enter the PIN to use to encrypt the definition: 
    Re-enter the encryption PIN:
    Successfully exported encrpytion settings data to file /tmp/exported-key

    The successful export returns the following:

    Successfully exported encryption settings definition 
    F635E109A8549651025D01D9A6A90F7C9017C66D to file /tmp/exported-key