Encryption Keys And The InstallerLast Updated: 01/11/2019 Introduced in Version: 2.0
Encryption keys are stored on the application server, intentionally outside the database to ensure that the data that’s secured is not stored with the key that secures it.
When you have an existing database that has encrypted data you need to have the key that was used to encrypt it or the data becomes inaccessible.
What data is encrypted in the database?
- Connection Strings for Database Integrations
- Passwords (like AD connection info settings)
- Custom data that you, as a user of Decisions, are encrypting
What happens if I completely lose my encryption keys?
The data in the database is unrecoverable and will need to be recreated.
Where are my keys?
In old versions of Decisions Keys.dat is stored in c:\Program Files\Decisions\Decisions Services Manager
In new versions of Decisions Keys.dat is stored in c:\Program Files\Decisions\Decisions Services Manager\Instances\Control within the specific instance in question.
What if I don’t have any keys?
If no keys are showing in the previously listed locations, there is no encrypted data. Keys.dat are created once a encryption event has taken place.
Multi Tenant Servers
The multi tenant Keys cannot be handled by the installer automatically, however; They are backed up automatically and can be found in installerbackup with “Instance Name” and “Date” in the file name.
Installing with Keys considered
NOTE: If you are installing a dev machine, or a single Decisions application server you can safely ignore this page during the installation and the encryption keys will be taken care of for you automatically.
When you are installing Decisions for the first time, with no previous install or data you will get this screen shown in Figure 1 during installation.
If this is your first installation of Decisions you can simply leave these settings blank and continue. Decisions will create a key file when it is needed and will back it up on uninstall.
We recommend that you press the ‘Generate Key’ button which will produce a new key file for you. After generating the key you can save the key file somewhere safe for future use.
If you are restoring an existing database, you can select a previously saved key file and press the ‘Restore Key File’ button which will put the existing key in place.
NOTE: Installing additional cluster servers will appear to be an UPGRADE and you should follow the instructions below.
If you are upgrading Decisions you will either see the screen shown in Figure 2 or Figure 3.
No Keys Found
The screen shown in Figure 2 is what happens when Decisions cannot find any existing key files to use even though there is an upgrade. In this case it is important to get a key file and restore it if there is any encrypted data in the database that needs to be accessed.
Existing Keys Found
If you see the screen in Figure 3, Decisions has found existing key files and can automatically restore or reuse them and you do not need to take any action unless you believe the key file automatically found is wrong and needs to be replaced.
When you uninstall the platform Decisions creates a directory called “installbackup” where you can find all of your old key files. The installer knows to look in this directory to try to recover key files if there are no existing keys, but the installbackup directory exists.