Article summary
Did you find this summary helpful?
Thank you for your feedback
Do not lose the encryption key, or the data will be unrecoverable.
If a pre-existing database is present during the installation, then its encrypted data will only open with the same encrypted key. If lost, the data must be recreated.Encryption keys encrypt sensitive database information such as connection strings for integrations, passwords including AD connection info settings, and any custom, encrypted data structures.
Users may restore old encryption keys to allow new installations access to their respective database's secured data. This is recommended when upgradingor installing a new server in a cluster.
Encryption keys support the following encryption methods:
Encryption Keysare intentionally stored on the ApplicationServeroutside the database, so the secured data is not stored next to its key. Keys are stored as Keys.datin the following locations depending on the version:
- v.8Keys.dat resides in C:\Program Files\Decisions\FileStorage\Primary\Settings
- v.7Keys.dat resides in C:\Program Files\Decisions\Decisions Server\Instances\Control
- v.6Keys.dat resides in C:\Program Files\Decisions\Decisions Services Manager\Instances\Control
Installing With/Without Encryption Keys
Multi-Tenant Encryption Keys
In Multi-Tenant environments, Keys cannot be handled by the installer. Instead, they are automatically backed up and stored in a directory called installerbackup.
New Installation or Upgrade With No Keys Found
The installer prompts the Encryption Keys screen when installing to a machine with no previous installation passwords or data or to a server with no found encryption keys. The user may enter a previous encryption key file and select Restore Key File to locate its respective Kay.dat file and apply it to the installation.
If no keys are found, then the database contains no encrypted data.TheKeys.dat file is only generated once an encryption event occurs.
Upon generating a new encryption key, the Keys.dat file can be found in the installbackupfolder located via C:\Program Files\Decisions\installbackup once installed.
The screenshot below represents a new installation's Encryption Keys screen.
The screenshot depicts the Encryption Keys window during installation with a pre-existing server without Encryption Keys.
Upgrade Installation With Keys
If configured and saved keys are found during installation, the installer can restore or reuse them without additional action.
A different keyfile would only need to be used if the found key file is incorrect and thus needs to be replaced.
Saving Encryption Keys After Uninstalling
Keyfiles are automatically placed in the installbackupfolder after uninstalling. When reinstalling, the installer will search this directory to recover any key files if there remain no existing keys.
For further information on Installation, visit the Decisions Forum.
Was this article helpful?
