Use the encryption-settings tool with the export subcommand to export encryption settings definitions.
The encryption-settings export command creates a portable, passphrase-protected export of one or more encryption settings definitions. You can use encryption settings exports in the following ways:
- As the preferred method for backing up encryption settings definitions. The export format is portable, does not depend on the cipher stream provider configuration, and can be used across server versions.
- As a way to transfer encryption settings definitions between servers.
- As a way to set up new server instances with an appropriate set of definitions. When executing setup, you can use the --encryptDataWithSettingsImportedFromFile and --encryptionSettingsExportPassphraseFile options to enable encryption with definitions from an export file.
The subcommand can take the following arguments.
| Arguments | Description |
|---|---|
|
|
Specifies the ID to export for the encryption settings definition. You can specify this argument multiple times. If it's omitted, all definitions are exported. |
|
|
Specifies the path to the output file to write the encryption settings definition to. |
|
|
Specifies the path to a passphrase file containing the password for encrypting the contents of the exported definition. If this argument isn't provided, then the PIN is interactively requested. |
The following example shows the specific path to an output file for the exported encryption settings definition:
$ bin/encryption-settings export --output-file /tmp/exported-key
Enter the PIN to use to encrypt the definition:
Re-enter the encryption PIN:
Successfully exported encrpytion settings data to file /tmp/exported-keyThe successful export returns the following:
Successfully exported encryption settings definition F635E109A8549651025D01D9A6A90F7C9017C66D to file /tmp/exported-key