Encryption key management in backup and restore

Deployment options: Netezza Performance Server for Cloud Pak for Data System, Netezza Performance Server for Cloud Pak for Data

When you create database users, the account passwords are stored in the database in encrypted form. The Netezza Performance Server system has a default encryption process. For more security, you can create and specify a host key for encrypting passwords.

When you back up the user and group information, the backup set saves information about the password encryption. If you use a custom host key, the host key is included in the backup set so that the account passwords can be processed during a restore. By default, the backup process encrypts the stored host key by using the default encryption process. Alternatively, you can use the nzbackup -secret option to encrypt the host key by using a user-supplied string. To restore that backup set, an administrator must specify the same string in the nzrestore -secret option. To protect the string, the system does not capture it in the backup and restore log files.

The -secret option is optional. If you do not specify it, the custom host key is encrypted by using the default encryption process. The -secret option is also ignored if you do not use a custom host key for encrypting passwords on your system.
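The backup and restore pair described above, run so that the -secret string is typed at a no-echo prompt instead of on a saved command line. This is an added example, not IBM's own code: BACKUP_DIR, NZ_DRY_RUN and the function names are hypothetical, and -users and -dir are the nzbackup/nzrestore options for backing up users and groups to a directory.

```shell
#!/bin/sh
# Added example, not IBM's code. BACKUP_DIR, NZ_DRY_RUN and the function names
# are hypothetical; -users, -dir and -secret are nzbackup/nzrestore options.
BACKUP_DIR="${BACKUP_DIR:-/nzbackups/users}"   # hypothetical backup location

# Prompt twice with terminal echo off, so the string is never typed on a
# command line that lands in shell history. Prints the secret on stdout.
read_secret() {
  if [ -t 0 ]; then trap 'stty echo; exit 130' INT TERM; stty -echo; fi
  printf 'Host key secret: ' >&2; IFS= read -r s1 || s1=
  printf '\nRepeat secret: ' >&2; IFS= read -r s2 || s2=
  if [ -t 0 ]; then stty echo; fi
  printf '\n' >&2
  if [ -z "$s1" ] || [ "$s1" != "$s2" ]; then
    echo "secret is empty or the two entries differ" >&2; return 1
  fi
  printf '%s' "$s1"
}

# Run "<tool> -users -dir DIR [-secret STRING]" for nzbackup or nzrestore.
# With NZ_DRY_RUN=1, print the command with the secret masked instead.
# Note: the string is still a process argument while the tool runs.
nz_users() {
  tool=$1; secret=${2:-}
  case "$tool" in
    nzbackup|nzrestore) ;;
    *) echo "unknown tool: $tool" >&2; return 2 ;;
  esac
  set -- "$tool" -users -dir "$BACKUP_DIR"
  if [ -n "$secret" ]; then set -- "$@" -secret "$secret"; fi
  if [ "${NZ_DRY_RUN:-0}" = 1 ]; then
    if [ -n "$secret" ]; then
      echo "$tool -users -dir $BACKUP_DIR -secret ****"
    else
      echo "$*"
    fi
    return 0
  fi
  "$@"
}

# Usage: sh nz_users_secret.sh backup|restore  (enter the same string for both)
case "${1:-}" in
  backup)  s=$(read_secret) && nz_users nzbackup "$s" ;;
  restore) s=$(read_secret) && nz_users nzrestore "$s" ;;
esac
```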