To back up an individual definition (or to export it from one server so that you can import it into another), use the export subcommand to the encryption-settings command. The subcommand takes the following arguments:
  • --id {id}. Specifies the ID for the encryption-settings definition to be exported. This argument can be specified multiple times. If it is omitted, all definitions are exported.
  • --output-file {path}. Specifies the path to the output file to which the encryption-settings definition will be written. This argument is required.
  • --pin-file {path}. Specifies the path to a PIN file containing the password to use to encrypt the contents of the exported definition. If this argument is not provided, then the PIN will be interactively requested from the server.
  • Use the encryption-settings tool with the export subcommand to export the definition to a file.
    $ bin/encryption-settings export --id F635E109A8549651025D01D9A6A90F7C9017C66D \
      --output-file /tmp/exported-key
    Enter the PIN to use to encrypt the definition: 
    Re-enter the encryption PIN:
    Successfully exported encryption settings definition 
    F635E109A8549651025D01D9A6A90F7C9017C66D to file /tmp/exported-key