Downloading Your Admin Key Part

Every user account with Security Admin privileges receives an encrypted Admin Key part. Certain KeyControl functions, such as restoring the system from a backup, require that a certain number of parts be uploaded to KeyControl within a certain amount of time. Once KeyControl receives the correct number of parts, it can validate the Admin Key and perform the requested procedure. Once you download your key part, make sure you store it securely and that you can find it when needed.

Note: If an external key server (EKS) is used to store Admin Keys, administrators do not define the storage location and Admin Key parts are no longer available for download. For more information, see Admin Keys .

Important: You also need to keep previous Admin Key parts and know when each part was created. If you need to restore a system from a previous backup, you must have the key parts that were valid when that backup was created. If the Admin keys have been regenerated, you cannot download the current Admin Key parts and use those to restore a previous version of KeyControl.

1. Log into the KeyControl Vault Management webGUI with your standard account credentials.
2. In the top right, click the Switch to Appliance Management link.
3. In the top menu bar, click Settings.

4. In the Account Settings section, click Download Key. KeyControl downloads a file to your browser's default download location called username_kc-ip-addr.key.gen#, where username is the currently logged in KeyControl account name, kc-ip-addr is the KeyControl IP address into which you are currently logged in, and # is the generation count. For example, secroot_10.238.66.235.key.gen8.

5. If you want to remove the Admin Key part from the KeyControl encrypted object store, click Clear Key. If you later attempt to download the key part after clearing it, you will get an error stating that the key part does not exist. You will need to regenerate the key as described in Generating the Admin Key.