Downloading Your Admin Key Part

Every user account with Security Admin privileges receives an encrypted Admin Key part. Certain KeyControl functions, such as restoring the system from a backup, require that a certain number of parts be uploaded to KeyControl within a certain amount of time. Once KeyControl receives the correct number of parts, it can validate the Admin Key and perform the requested procedure. Once you download your key part, make sure you store it securely and that you can find it when needed.

Important: You also need to keep previous Admin Key parts and know when each part was created. If you need to restore a system from a previous backup, you must have the key parts that were valid when that backup was created. If the Admin keys have been regenerated, you cannot download the current Admin Key parts and use those to restore a previous version of KeyControl.

  1. Log into the KeyControl webGUI with your standard account credentials.
  2. In the top menu bar, click Settings.
  3. In the Account Settings section, click Download Key. KeyControl downloads a file to your browser's default download location called username_kc-ip-addr.key.gen#, where username is the currently logged in KeyControl account name, kc-ip-addr is the KeyControl IP address into which you are currently logged in, and # is the generation count. For example, secroot_10.238.66.235.key.gen8.

  4. If you want to remove the Admin Key part from the KeyControl encrypted object store, click Clear Key. If you later attempt do download the key part after clearing it, you will get an error stating that the key part does not exist. You will need to regenerate the key as described in Generating the Admin Key.