BAR_ENCRYPTION configuration parameter

Use the BAR_ENCRYPTION parameter to encrypt the backups.

onconfig.std value

Not set. Backup data is not encrypted.

takes effect
When ON-Bar starts.

Usage

Use the BAR_ENCRYPTION configuration parameter to enable backup encryption, set the path to the keystore containing the credentials to access a remote key server or the path of a keyfile containing the backup encryption key, and specify the encryption cipher.

Syntax for the BAR_ENCRYPTION configuration parameter

>>-BAR_ENCRYPTION--keystore--=--keystore_name------------------>
                '--keyfile---=--keyfile_name--'
>--+--------------------------+--------------------------------->
   '-,--cipher--=--+-aes128-+-'   
                   +-aes192-+     
                   '-aes256-'  
Table 1. Options for the BAR_ENCRYPTION configuration parameter value
Field Value
keystore The keystore specifies the name of the keystore and stash file names. The files are created in the ONEDB_HOME/etc directory:
  • keystore.p12 = The keystore file that contains the security certificates.
  • keystore.sth = The stash file that contains the encryption password.

You must manually back up the keystore and password stash files. These files are not backed up when you run a back up with the ON-Bar or ontape utilities.

keyfile The keyfile specifies the full path of a text file that contains a backup encryption key of suitable size for the cipher chosen. The key must be encoded in base64 format.
cipher Specifies the encryption cipher:
  • aes128 = Default. Advanced Encryption Standard cipher with 128-bit keys.
  • aes192 = Advanced Encryption Standard cipher with 192-bit keys.
  • aes256 = Advanced Encryption Standard cipher with 256-bit keys.