Restoring a LOCAL Key (CLI)

To restore a LOCAL key that was deleted, create a new LOCAL key with the same key name and value as the deleted key. You must have first recorded, or backed up, this information before the key was deleted. The backup procedure is described in Backing Up a LOCAL Key (CLI). Although deleting a LOCAL key renders shares inaccessible, the shares can be made accessible again by recreating the LOCAL key. For information about restoring keys stored in the OKM keystore, refer to the Oracle Key Manager documentation on the Oracle Help Center.

Use the following procedure to restore a backed-up LOCAL key.

Note:

If the key name is in use with a different key value for existing shares, change the key used for those shares before restoring the original LOCAL key. For more information, see Changing a Share Encryption Key (CLI).

  1. Retrieve the key name and value for the LOCAL key from your backup location.
  2. Create a key in the LOCAL keystore.
    hostname:shares encryption local keys> create
  3. Name the key based on the backup.
    hostname:shares encryption local key-005 (uncommitted)> set keyname=Mykey
         keyname = Mykey (uncommitted)
  4. Set the key value based on the backup.
    hostname:shares encryption local key-005 (uncommitted)> set key=key-value
         key = key-value (uncommitted)
  5. Save the key.
    hostname:shares encryption local key-005 (uncommitted)> commit

    If the key name is used with existing shares, you will be alerted:

    Existing shares reference the key Mykey from the LOCAL keystore. Are you sure? (Y/N)

    To overwrite the key value in the existing shares, type Y. To cancel without adding the new key, type N. You can then change the key used for those shares before repeating this procedure and restoring the original key. For more information, see Changing a Share Encryption Key (CLI).