Backing up the software encryption key
When you installed and configured Venafi Trust Protection Platform, you had the option to enable either software or hardware encryption (or both). If you enabled software encryption, you need to back up the software encryption key to a secure location. The software key is critical to the functionality of Trust Protection Platform. Without it, you cannot access data in the database. In the event of a system failure, you will need a copy of the encryption key to access your data. Additionally, if you want to install additional Trust Protection Platform servers, you will need the software key to install and configure those servers.
DID YOU KNOW? How is the Venafi Trust Protection Platform software key used and why is it so important to back it up?
Trust Protection Platform maintains all system information—that is, configuration settings, managed server and certificate information, archived certificates, and private keys—in a database. To secure this information, Trust Protection Platform uses an AES-256 encryption key—the software key—to encrypt the connection to the database.
Depending on the encryption key selected in the object configuration, the objects themselves can be encrypted using the software key. The key is securely stored in the Windows registry.
For more information about why it's important to back up your data, see Disaster recovery operations.
To export the software key from Venafi Configuration Console
- From the Venafi Trust Protection Platform server, open Venafi Configuration Console.
- In the left panel, click Connectors.
- In the center panel, click the component.
- In the Actions panel on the right, click Export Key...
- (Conditional) If requested, enter the Venafi Platform administrator user name and password.
- Enter a password to encrypt the exported key.
- Click Browse to select a location to export the key.
- Click Export.
For more information, see Venafi Configuration Console.
To export the software key from the command line
- On the Venafi server, open a command line and browse to the Venafi installation directory.
- Run the following command:
tppconfiguration.exe -keyexport:<file-path>
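The command-line export above can be wrapped in a script that checks the result and locks the file down before it is moved to secure storage. This PowerShell script is an added example, not Venafi code. The parameter names `InstallDir` and `KeyFile` are hypothetical, and it assumes an elevated prompt and that any prompts from the tool are answered interactively.

```powershell
# Added example, not Venafi code. Run from an elevated PowerShell prompt.
param(
    # Assumption: hypothetical parameter names; supply your own installation
    # directory and the <file-path> you want the key exported to.
    [Parameter(Mandatory)] [string]$InstallDir,
    [Parameter(Mandatory)] [string]$KeyFile
)

$ErrorActionPreference = 'Stop'

# Refuse to overwrite an earlier export so an old backup is never silently replaced.
if (Test-Path -LiteralPath $KeyFile) {
    throw "Refusing to overwrite existing file: $KeyFile"
}

# The export command exactly as given on this page.
& (Join-Path $InstallDir 'tppconfiguration.exe') "-keyexport:$KeyFile"

# The tool's exit-code behaviour is not described on this page, so check the
# outcome directly: the file must exist and must not be empty.
if (-not (Test-Path -LiteralPath $KeyFile) -or
    (Get-Item -LiteralPath $KeyFile).Length -eq 0) {
    throw "Export did not produce a non-empty file at $KeyFile"
}

# Restrict access: disable inheritance, discard inherited entries, and grant
# access only to BUILTIN\Administrators and NT AUTHORITY\SYSTEM (well-known SIDs).
$acl = Get-Acl -LiteralPath $KeyFile
$acl.SetAccessRuleProtection($true, $false)
foreach ($sid in 'S-1-5-32-544', 'S-1-5-18') {
    $id   = New-Object System.Security.Principal.SecurityIdentifier($sid)
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
                $id, 'FullControl', 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -LiteralPath $KeyFile -AclObject $acl

# Record a SHA-256 digest so the backup can be checked for corruption or
# tampering before it is relied on during a restore.
$hash = Get-FileHash -LiteralPath $KeyFile -Algorithm SHA256
'{0}  {1}  {2:u}' -f $hash.Hash, $KeyFile, (Get-Date) |
    Tee-Object -FilePath "$KeyFile.sha256"
```

Keep the password that protects the exported key separately from the exported file, and recompute the digest with `Get-FileHash` before using the backup.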