Skip to content

Backing up your data encryption key (DEK)

The DEK should be backed up immediately after you deploy your first VSatellite.

As long as at least one of your VSatellites is functioning, you don't need to restore the DEK from a backup copy because it's distributed to other VSatellites automatically. However, backing up the DEK can help you recover from the scenario in which all of your VSatellites have become permanently inoperable.

To back up your DEK

  1. Open a command prompt and connect to the server where a working VSatellite is running.
  2. Run the following command:
./vsatctl export --api-key <api-key> --passphrase <secret_passphrase> --file path/to/dek/file.pem

Where can I find my API key?

In TLS Protect Cloud, click your user avatar, then click Preferences. Learn more about how to get an API key.

After running the command, store the DEK in a secure location.

What's next

If for any reason all of your VSatellites have become permanently inoperable, use the import command to restore the DEK.