Encryption key management in backup and restore
When you create database users, the account passwords are stored in the database in encrypted form. The Netezza Performance Server system has a default encryption process. For more security, you can create and specify a host key for encrypting passwords.
When you back up the user and group information, the backup set saves information about the password encryption. If you use a custom host key, the host key is included in the backup set to process the account passwords during a restore. The backup process stores an encrypted host key by using the default encryption process, or you can use the nzbackup -secret option to encrypt the host key by using a user-supplied string. To restore that backup set, an administrator must specify the same string in the nzrestore -secret option. To protect the string, it is not captured in the backup and restore log files.
The -secret option is not necessary. If you do not specify one, the custom host key is encrypted by using the default encryption process. Also, the -secret option is ignored if you do not use a custom host key for encrypting passwords on your system.