Backing up a key repository

You can back up the queue manager key repository and restore it to a different IBM® MQ Appliance if required. This back up and restore feature is intended for disaster recovery.

About this task

You use a command to place a copy of the key repository in a file in a user-accessible file area on the appliance. You then copy that file to a backup store on another system.

The file that contains the queue manager key repository might include private keys. The file is encrypted, but you should take appropriate security precautions when handling the file. You need a password to modify or restore the file.

You should follow this procedure for every queue manager on your system.

Procedure

  1. Connect to the IBM MQ Appliance as described in Command line access.
  2. Log in as a user in the administrators group.
  3. Type mqcli to enter IBM MQ configuration mode.
  4. Type the following command to back up the key repository for a queue manager: 
    keybackup -m QmanagerName
    Where QmanagerName specifies the queue manager that you want to back up the key repository for. (You can also specify the filename and the password in the command, or ask to be prompted for the password.)
  5. The appliance displays the following warning: 
    5724-H72 (C) Copyright IBM Corp. 1994, 2025.
This operation will generate a copy of your queue manager key repository, which may include private keys. Although encrypted, you should take appropriate security precautions in handling this file.
Do you wish to continue? [Y/N]
y
Key repository has been backed up to 'mqbackup:///QM1_keyrepos.tar.gz'.
Password for key repository is:
gXAO#+%m9O|m]\
    Enter Y to continue.

    The command creates a compressed archive (.tar.gz) of the key repository files. The password is needed to restore the key repository.

  6. Type exit to leave IBM MQ configuration mode.
  7. Type config to enter configuration mode.
  8. Copy the file containing the backed-up repository to another system.

    To copy the file by using the command line interface:

    1. Connect to the command line of the appliance as described in Command line access.
    2. Log in to the appliance as an administrator.
    3. Type config to enter configuration mode.
    4. Copy the file by typing the following command: 
      copy mqbackup:///backup_filename scp://username@ipaddress/[/]directorypath
    To copy the file by using the IBM MQ Appliance web UI:
    1. Start the IBM MQ Appliance web UI, and click the administration icon shows the admin icon in the title bar.
    2. Select Main > File Management to open the File Management window.
    3. Open the mqbackup folder.
    4. Select the backup file and select Download from the menu to save the file to your local system.