Password-based encryption for backups

When you use the password-based encryption method for backups, you must specify an encryption password during the backup process. The same password must be specified to restore backups.

When you run the IBM® Security Guardium® Key Lifecycle Manager backup operation, a backup archive is created. The backup key in the archive encrypts backup contents. During the restore process, backup contents are restored by specifying the password that was used when you created the backups.

The backup archive contains the following files:
  • Manifest file, which lists all the IBM Security Guardium Key Lifecycle Manager data files in the archive.
  • Backup keystore where the backup key is stored
  • Truststore and keystore with the master key
  • IBM Security Guardium Key Lifecycle Manager configuration files
  • IBM Security Guardium Key Lifecycle Manager data dumps