You must specify an encryption password to back up IBM Security Key Lifecycle Manager data.
Use the same password to decrypt and restore the backup files.
About this task
You can use the Backup and Restore page.
Alternatively, you can use the tklmBackupRun command
or Backup Run REST Service to back up critical
data. Your role must have a permission to back up
files.
IBM Security Key Lifecycle Manager creates
backup files in a manner that is independent of operating systems
and directory structure of the server. You can restore the backup
files to an operating system that is different from the one it was
backed up from.
Note: Backup success messages are system wide. Two administrators might
run backup tasks that overlap in time. During this interval, the administrator who starts a second
task that fails might see a false success message from the first backup task.
Procedure
- Go to the appropriate page or directory.
- Graphical user interface
- Log on to the graphical user interface.
- On the Welcome page, click .
- Command-line interface
- Go to the
WAS_HOME/bin directory. For example,
- Windows
cd drive:\Program Files\IBM\WebSphere\AppServer\bin- Linux
cd /opt/IBM/WebSphere/AppServer/bin
- Start the wsadmin interface by using an authorized
user ID, such as
SKLMAdmin. For example,
- Windows
wsadmin.bat -username SKLMAdmin -password mypwd -lang jython
- Linux
./wsadmin.sh -username SKLMAdmin -password mypwd -lang jython
- REST interface
- Open a REST client.
- Create a backup file.
You can run only one backup
or restore task at a time.
- Graphical user interface
- On the Backup and Restore table, the Backup repository
location field displays the default <SKLM_DATA> directory path,
where the backup file is saved, for example, C:\Program
Files\IBM\WebSphere\AppServer\products\sklm\data. For the definition of
<SKLM_DATA>, see Definitions for HOME and other directory variables. Click
Browse to specify a backup repository location under
<SKLM_DATA> directory.
Directory path in the Backup repository
location field changes based on the value that you set for the
tklm.backup.dir property in the SKLMConfig.properties
file.
- Click Create Backup.
- On the Create Backup page, specify information such as a value for the
encryption password and backup description. A read-only backup file location is displayed in the
Backup location field. Ensure that you retain the encryption password for
future use in case you restore the backup.
- Click Create Backup.
- Command-line interface
- Type tklmBackupRun, the backup location, encryption
password, and any other necessary information to create a backup file.
For example:
print AdminTask.tklmBackupRun ('[-password myBackupPwd]')
- REST interface
- Obtain a unique user authentication identifier to access IBM Security Key Lifecycle Manager REST
services. For more information about the authentication process, see Authentication process for REST services.
- To run Backup Run REST Service, send the HTTP
POST request. Pass the user authentication identifier that you obtained
in
Step a along with the request message as shown
in the following example.POST https://localhost:<port>/SKLM/rest/v1/ckms/backups
Content-Type: application/json
Accept : application/json
Authorization: SKLMAuth authId=139aeh34567m
Accept-Language : en
{"backupDirectory":"/sklmbackup1","password":"myBackupPwd"}
- A message indicates that the backup file was created, or
that the backup operation succeeded.
The
time stamp on a backup file has a Greenwich Mean Time (GMT) offset represented in RFC 822 format.
The file name contains a +hhmm or -hhmm element to specify a
timezone ahead of or behind GMT. For example, a file name might be sklm_v3.0.1.0_20170123144220-0800_backup.jar, where
-0800 indicates that the timezone is eight hours behind GMT.
What to do next
Retain the encryption password for future use in case
you restore the backup. Review the directory that contains the backup
files to ensure that the backup file exists. Do not edit a file in
the backup JAR file. The file that you attempt to edit becomes unreadable.