Backing up Encryption Key Manager data

Use the IBM® Security Guardium® Key Lifecycle Manager, Version 4.1 backup utility to create Encryption Key Manager, Version 2.1 backup files.

Before you begin

  • You must install IBM Security Guardium Key Lifecycle Manager, Version 4.1 on a system.
  • Ensure that the Encryption Key Manager folder contains the configuration file, the keystore files, and the other data files and folders that are related to drivetable, key groups, and metadata.

About this task

You can use the backup utility to create cross-platform backup files that are independent of the operating system and directory structure of the server. You can restore these cross-platform compatible backup files on a system with IBM Security Guardium Key Lifecycle Manager, Version 4.1 across operating systems.

Note: For greater security, change the IBM Security Guardium Key Lifecycle Manager User password soon after the data migration process.

Procedure

  1. Copy the Encryption Key Manager folder and all other necessary files to a system where IBM Security Guardium Key Lifecycle Manager, Version 4.1 is installed.
  2. Ensure that the KeyManagerConfig.properties file and the files that it references, as listed in the following example, are copied.
    Note: You must edit the KeyManagerConfig.properties configuration file in the Encryption Key Manager folder to specify absolute paths of the keystore and other data files, as shown in the following example.
    Admin.ssl.keystore.name=C\:/EKM21/test.keys.ssl
    Admin.ssl.truststore.name=C\:/EKM21/test.keys.ssl
    TransportListener.ssl.truststore.name=C\:/EKM21/test.keys.ssl
    TransportListener.ssl.keystore.name=C\:/EKM21/test.keys.ssl
    config.keystore.file=C\:/EKM21/test.keys.jceks
    config.drivetable.file.url=FILE\:C\:/EKM21/filedrive.table
    Audit.handler.file.directory=C\:/audit
    Audit.metadata.file.name=C\:/EKM21/metadata/EKMData.xml
    config.keygroup.xml.file=FILE\:C\:/EKM21/KeyGroups.xml
  3. Locate the backup utilities folder on the system where version 4.1 is installed.
    Windows
    <SKLM_INSTALL_HOME>\migration\utilities\ekm21

    Default location is C:\Program Files\IBM\SKLMV41\migration\utilities\ekm21.

    Linux®
    <SKLM_INSTALL_HOME>/migration/utilities/ekm21

    Default location is /opt/IBM/SKLMV41/migration/utilities/ekm21.

  4. Edit backup.properties in the backup utilities folder to configure properties as shown in the following example. You must set values for all the properties, except for the BACKUP_DIR property (optional).

    If you do not specify the value for BACKUP_DIR, the backup file is created in the backup subfolder under the same directory from where you run the backup utility.

    Note: On Windows operating systems, the backup.properties file that you use for backup operations must not contain property keys or values with leading or trailing spaces.
    Windows
    KLM_VERSION=2.1
    BACKUP_DIR=C:\\ekm_backup
    EKM_HOME=C:\\EKM21
    BACKUP_PASSWORD=passw0rd123
    JAVA_HOME=C:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\8.0
    Linux
    KLM_VERSION=2.1
    BACKUP_DIR=/ekm_backup
    EKM_HOME=/EKM21
    BACKUP_PASSWORD=passw0rd123
    JAVA_HOME=/opt/IBM/WebSphere/AppServer/java/8.0
    Note: On Windows systems, when you specify a path in the properties file, use either / or \\ as the path separator, as shown in the following example.
    C:\\ekm_backup
    Or
    C:/ekm_backup
  5. Open a command prompt and run the backup utility.
    Windows
    Go to the <SKLM_INSTALL_HOME>\migration\utilities\ekm21 directory and run the following command:
    backupEKM21.bat
    Linux
    1. Go to the ekm21 directory (see step 3).
    2. Check whether the backupEKM21.sh file has executable permissions. If not, give permissions by running the following command:
      chmod 755 backupEKM21.sh
    3. Run the backup utility:
      ./backupEKM21.sh
  6. Verify the backup operation:
    • Review the directory that contains backup files to ensure that the backup file exists. The backup files are created in the location that you specified for BACKUP_DIR in the backup.properties file.
    • Check the backup.log file for errors or exceptions. The backup.log file is created in the same directory where you run the backup utility. For a successful backup operation, ensure that there are no errors or exceptions in the log file.
    • Retain the backup password for future use in case you restore the backup.
    • Do not edit a file in the backup archive. The file that you attempt to edit becomes unreadable.
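
The rules that step 4 sets for backup.properties (every property except BACKUP_DIR has a value, no leading or trailing spaces on Windows, / or \\ as the Windows path separator) can be checked before the backup utility is run. The following Python check is an added example and is not part of the IBM utility; the function name check_backup_properties and the sample file contents are constructed for illustration.

```python
"""Pre-flight check for backup.properties (added example, not IBM code)."""

REQUIRED = ("KLM_VERSION", "EKM_HOME", "BACKUP_PASSWORD", "JAVA_HOME")  # BACKUP_DIR is optional
PATH_KEYS = ("BACKUP_DIR", "EKM_HOME", "JAVA_HOME")


def check_backup_properties(text, windows=False):
    """Return a list of problems found in the text of a backup.properties file."""
    problems, seen = [], {}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        if not raw.strip() or raw.lstrip().startswith(("#", "!")):
            continue  # blank line or .properties-style comment
        key, sep, value = raw.partition("=")
        if not sep:
            problems.append(f"line {lineno}: no '=' separator")
            continue
        # Step 4 note: on Windows, keys and values must not carry leading or trailing spaces.
        if windows and (key != key.strip() or value != value.strip()):
            problems.append(f"line {lineno}: leading or trailing space around {key.strip()}")
        key, value = key.strip(), value.strip()
        seen[key] = value
        # Step 4 note: Windows paths use / or \\ as separator, so a lone \ is an error.
        if windows and key in PATH_KEYS and "\\" in value.replace("\\\\", ""):
            problems.append(f"line {lineno}: {key} has a single backslash; use / or \\\\")
    for key in REQUIRED:
        if not seen.get(key):
            problems.append(f"{key} is missing or empty")
    return problems


# Constructed sample: JAVA_HOME has a lone backslash and a trailing space,
# and BACKUP_PASSWORD is empty. Values are never printed, only key names.
SAMPLE_WINDOWS = (
    "KLM_VERSION=2.1\n"
    "BACKUP_DIR=C:/ekm_backup\n"
    "EKM_HOME=C:\\\\EKM21\n"
    "BACKUP_PASSWORD=\n"
    "JAVA_HOME=C:\\\\Java\\8.0 \n"
)

if __name__ == "__main__":
    for problem in check_backup_properties(SAMPLE_WINDOWS, windows=True):
        print(problem)
```

The check reports only line numbers and property names, so the backup password is not echoed to the console or to a log.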

What to do next

Restoring the Encryption Key Manager backup to IBM Security Guardium Key Lifecycle Manager