The database backup backs up the keys created by the KMAs within the cluster. Use a database backup in combination with a core security backup to recover from a disaster.

A Database Backup consists of two files: a Backup file and a Backup Key file. The filenames for the backup files are automatically generated, however, you can edit the names. Backup Operators are responsible for securing and storing data and their keys. Database Backups are encrypted with AES-256; and therefore, secure.

Things to consider:

• Old backups contain users, passwords, and other sensitive data you may not want to keep.
• Make and archive two current database backups in case of backup media failure.
• Never archive old copies of the database.
• If you routinely delete keys for policy or compliance reasons, the deleted keys can be recovered from prior backups.
• Make two identical copies to protect against backup media failure. This scheme also ensures another key was not issued during the backup, making the two copies different.
• Maintain offsite copies of the Core Security and Database backups.