- 19 Feb 2024
- 1 Minute to read
- Print
- DarkLight
Storing Encryption Keys
- Updated on 19 Feb 2024
- 1 Minute to read
- Print
- DarkLight
Encryption keys encrypt sensitive database information such as connection strings for integrations, passwords including AD connection info settings, and any custom, encrypted data structures.
Users may restore old encryption keys to allow new installations access to their respective database's secured data. This is recommended when upgrading or installing a new server in a cluster.
Encryption keys support the following encryption methods:
Encryption Keys are intentionally stored on the Application Server outside the database, so the secured data is not stored next to its key. Keys are stored as Keys.dat in the following locations depending on the version:
- v.8 Keys.dat resides in C:\Program Files\Decisions\FileStorage\Primary\Settings
- v.7 Keys.dat resides in C:\Program Files\Decisions\Decisions Server\Instances\Control
- v.6 Keys.dat resides in C:\Program Files\Decisions\Decisions Services Manager\Instances\Control
Installing With/Without Encryption Keys
New Installation or Upgrade With No Keys Found
The installer prompts the Encryption Keys screen when installing to a machine with no previous installation passwords or data or to a server with no found encryption keys. The user may enter a previous encryption key file and select Restore Key File to locate its respective Kay.dat file and apply it to the installation.
If no keys are found, then the database contains no encrypted data. The Keys.dat file is only generated once an encryption event occurs.
Upon generating a new encryption key, the Keys.dat file can be found in the installbackup folder located via C:\Program Files\Decisions\installbackup once installed.
The screenshot below represents a new installation's Encryption Keys screen.
The screenshot depicts the Encryption Keys window during installation with a pre-existing server without Encryption Keys.
Upgrade Installation With Keys
If configured and saved keys are found during installation, the installer can restore or reuse them without additional action.
A different key file would only need to be used if the found key file is incorrect and thus needs to be replaced.
Saving Encryption Keys After Uninstalling
Key files are automatically placed in the installbackup folder after uninstalling. When reinstalling, the installer will search this directory to recover any key files if there remain no existing keys.