Storing Encryption Keys
- 19 Jul 2022
- 1 Minute to read
- Print
- DarkLight
This documentation version is deprecated, please click here for the latest version.
Storing Encryption Keys
- Updated on 19 Jul 2022
- 1 Minute to read
- Print
- DarkLight
Article summary
Did you find this summary helpful?
Thank you for your feedback
Losing encryption key will result in data being unrecoverable
If a pre-existing database during installation contains encrypted data, this data must be opened with the respective key that encrypted it. If lost, the data will need to be recreated.
Encryption keys encrypt sensitive database information such as connection strings for integrations, passwords including AD connection info settings, and any custom, encrypted data structures.
Old encryption keys may be restored to allow new installations access to their respective database's secured data. This is recommended when upgrading or installing a new server in a cluster.
Encryption keys support the following encryption methods:
Encryption Keys (Keys.dat) are stored alongside the server in the following version-dependent locations. Keys remain outside of the database to isolate the key from its contents.
- v8 Keys.dat resides in C:\Program Files\Decisions\FileStorage\Settings.
- v7 Keys.dat resides in C:\Program Files\Decisions\Decisions Server\Instances\Control.
- v6 Keys.dat resides in C:\Program Files\Decisions\Decisions Services Manager\Instances\Control.
New Installations
No Keys Found
When installing with no previous installations, data, or to a server without encryption keys window will display buttons to Generate Key and Save Key File.
This can be left blank to continue with the rest of the installation. The installer automatically creates a key file when needed as well as back it up on uninstall.
Existing Keys Found
For an installation with prior data, it is recommended to produce a new Keys.dat file. After generating the key, save the key file for future use.
If restoring an existing database, select a previously saved key file and press the Restore Key File button to apply it to the installation. 
Update Installations
Installing additional cluster servers will appear to be an UPDATE and should follow the instructions below.
No Keys Found
When installing, the Encryption Keys screen will prompt that encryption keys could not be found despite the update.
In this case, it is important to generate a key file in the old version's installer first and then restore it in the new version's installer to access any needed encrypted data in the database upon upgrade.
Existing Keys Found
The installer automatically restores or reuses found encryption keys without any additional required actions. Action would only need to be taken if the key file was incorrect and needed to be replaced..png)
Uninstallations
Old key files in the installbackup (C:\Program Files\Decisions\installbackup) directory. The installer will look in this directory to try to recover key files if there are no existing keys. 
For further information on Installation, visit the Decisions Forum.
Was this article helpful?
