Deciding about the location of the secure key repository

The default repository location of the secure key repository is /etc/zkey/repository. Set environment variable ZKEY_REPOSITORY to point to a different location for the secure key repository.

Keys stored in a secure key repository inherit the permissions from the repository directory (except write access for other users, which is always denied). The default repository location is created with group zkeyadm as owner and mode 770. Thus all secure keys created in that repository are owned by group zkeyadm. Anyone that is supposed to access secure keys in the secure key repository must be part of group zkeyadm.

If you select a location using the environment variable, you can decide about the access permissions of that directory.

Keep a backup copy of the secure key repository.