The Directory Server provides two different mechanisms for backing up and restoring encryption-settings definitions.
The two ways you can backup and restore encryption-settings definitions:
- Export and import one or more encryption-settings definitions using the encryption-settings tool.
- Backup and restore the entire encryption-settings database using the backup and restore tools.
If a PIN file is used to define a passphrase to the encryption-settings database, you must backup the passphrase and secure it independently of the userRoot and encryption-settings database backups. If the encryption-settings database is restored into a different server root, the passphrase in the PIN file is required.
Make sure the encryption-settings definitions are backed up regularly so you don't lose the encryption-settings definitions used to encrypt data in the server. If an encryption-settings definition is lost, any data encrypted with that definition is completely inaccessible.