What is a Core Security Backup?

The Core Backup contains the Root Key Material which protects the Master Key, a symmetric key that protects the Data Unit Keys stored on the KMA.

The Root Key Material is key material that is generated when a cluster is initialized. The Core Security backup requires a quorum of users to unwrap the Root Key Material. This security mechanism enables two operational states for the KMA: locked and unlocked. For more information, see Lock/Unlock the KMA.

The Core Backup must precede the first Database Backup and then this core backup only needs to be repeated when members of the Key Split change (quorum). This is a security item handled and protected specially. This is required to restore any backup of the OKM. As a best practice, keep two copies of this backup in two secure locations on a portable media of the customers choice, such USB memory sticks or external hard drives. When a new Core Backup is created and secured, the old ones should be destroyed.