Backing up Key Trustee Server and clients

In case of failure, you should regularly back up Key Trustee Server databases and configuration files. You must also back up client configuration files and keys for Key Trustee Server clients, such as Navigator Encrypt.

Key Trustee Server high availability applies to read operations only. If either Key Trustee Server fails, the client automatically retries fetching keys from the functioning server. New write operations (for example, creating new encryption keys) are not allowed unless both Key Trustee Servers are operational.

Cloudera strongly recommends regularly backing up Key Trustee Server databases and configuration files. Because these backups contain encryption keys and encrypted deposits, you must ensure that your backup repository is as secure as the Key Trustee Server.

You must also back up client configuration files and keys for Key Trustee Server clients, such as Navigator Encrypt.