Storing Encryption Keys
  • 19 Jul 2022

Losing the encryption key will result in data being unrecoverable
If a pre-existing database contains encrypted data at installation time, that data can only be opened with the key that encrypted it. If the key is lost, the data will need to be recreated.

Encryption keys encrypt sensitive database information such as connection strings for integrations, passwords including AD connection info settings, and any custom, encrypted data structures. 

Old encryption keys may be restored to allow new installations access to their respective database's secured data. This is recommended when upgrading or installing a new server in a cluster.

Encryption keys support the following encryption methods:

Encryption Keys (Keys.dat) are stored alongside the server in the following version-dependent locations. Keys remain outside of the database to isolate the key from its contents. 

  • v8 Keys.dat resides in C:\Program Files\Decisions\FileStorage\Settings.
  • v7 Keys.dat resides in C:\Program Files\Decisions\Decisions Server\Instances\Control.
  • v6 Keys.dat resides in C:\Program Files\Decisions\Decisions Services Manager\Instances\Control.
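
One way to back up Keys.dat from the locations listed above and confirm the copy is intact, as an added example that is not Decisions' own tooling. The D:\KeyBackup destination and the Backup-KeyFile function name are assumptions; the source paths are the ones given in this article.

```powershell
# Added example: find Keys.dat in the documented locations, copy it, verify the copy.
# $BackupDir is a hypothetical destination; keep it separate from the database backups.
param(
    [string]$BackupDir = 'D:\KeyBackup'   # assumption: not a path from the article
)

# Version-dependent locations listed in this article.
$Locations = [ordered]@{
    'v8' = 'C:\Program Files\Decisions\FileStorage\Settings\Keys.dat'
    'v7' = 'C:\Program Files\Decisions\Decisions Server\Instances\Control\Keys.dat'
    'v6' = 'C:\Program Files\Decisions\Decisions Services Manager\Instances\Control\Keys.dat'
}

function Backup-KeyFile {
    param([string]$Version, [string]$Path, [string]$Destination)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return $null }

    $sourceHash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
    $target = Join-Path $Destination "Keys-${Version}-${env:COMPUTERNAME}-${stamp}.dat"

    New-Item -ItemType Directory -Path $Destination -Force | Out-Null
    Copy-Item -LiteralPath $Path -Destination $target

    $copyHash = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash
    if ($copyHash -ne $sourceHash) { throw "Backup of $Path does not match the source." }

    # List the identities granted access to the live key file so broad grants stand out.
    $readers = (Get-Acl -LiteralPath $Path).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' } |
        ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique

    [pscustomobject]@{
        Version = $Version; Source = $Path; Backup = $target
        SHA256  = $sourceHash; AllowedIdentities = $readers -join ', '
    }
}

$results = foreach ($entry in $Locations.GetEnumerator()) {
    Backup-KeyFile -Version $entry.Key -Path $entry.Value -Destination $BackupDir
}
if (-not $results) { Write-Warning 'No Keys.dat found in the documented locations.' }
$results | Format-List
```

Recording the SHA-256 value alongside the backup lets you confirm later that a restored key file is the same one that was saved.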

New Installations

No Keys Found

When installing with no previous installations or data, or to a server without encryption keys, the window will display buttons to Generate Key and Save Key File.

This can be left blank to continue with the rest of the installation. The installer automatically creates a key file when needed and backs it up on uninstall.

Existing Keys Found 

For an installation with prior data, it is recommended to produce a new Keys.dat file. After generating the key, save the key file for future use. 

If restoring an existing database, select a previously saved key file and press the Restore Key File button to apply it to the installation. 


Update Installations

Installing additional cluster servers will appear to be an UPDATE and should follow the instructions below.

No Keys Found

When installing, the Encryption Keys screen will prompt that encryption keys could not be found despite the update. 

In this case, it is important to generate a key file in the old version's installer first and then restore it in the new version's installer to access any needed encrypted data in the database upon upgrade.

Existing Keys Found

The installer automatically restores or reuses found encryption keys without any additional required actions. Action would only need to be taken if the key file was incorrect and needed to be replaced.


Uninstallations

Old key files are kept in the installbackup (C:\Program Files\Decisions\installbackup) directory. The installer will look in this directory to try to recover key files if there are no existing keys.


For further information on Installation, visit the Decisions Forum.
