SOAR KeyVault backup
The KeyVault stores all of the passwords that are used in the SOAR Platform. If the KeyVault is lost, it results in a considerable loss of data. For that reason, the SOAR Platform writes a backup of the KeyVault files to the system database when passwords are added or removed, and after each system upgrade. For example, a backup is written to the database when you add a Threat Source, such as IBM® X-Force® Exchange.
The default installation includes the KeyVault password in this backup. If the KeyVault password is encrypted, the encrypted password is backed up.
The net result of this approach is that if you are currently backing up your
database, it includes your KeyVault backup. If you choose to NOT back up your KeyVault password
(should_backup_password is set to false
in keys.properties
), then
you must ensure that the KeyVault files are backed up separately.
sudo resutil keyvaultrestore -dir <directory>
The -dir
argument specifies the location where you want to restore the backup.
This command restores the backup from the database to the directory that you specified. If the
existing KeyVault is lost or corrupted, you can use the backup by renaming the directory to
/crypt/keyvault
. Make sure that the permissions and ownership of the files are the
same as the original.
-date
argument, which is specified in this format, yyyy-MM-ddThh:mm:ss
. For
example,sudo resutil keyvaultrestore -dir somedir -date 2020-05-26T11:00:00