BAR_ENCRYPTION configuration parameter

Use the BAR_ENCRYPTION parameter to encrypt the backups.

onconfig.std value: Not set. Backup data is not encrypted.
takes effect: When ON-Bar starts.

Usage

Use the BAR_ENCRYPTION configuration parameter to enable backup encryption, set the path to the keystore containing the credentials to access a remote key server or the path of a keyfile containing the backup encryption key, and specify the encryption cipher.

Syntax for the BAR_ENCRYPTION configuration parameter

>>-BAR_ENCRYPTION--keystore--=--keystore_name------------------>
                '--keyfile---=--keyfile_name--'
>--+--------------------------+--------------------------------->
   '-,--cipher--=--+-aes128-+-'   
                   +-aes192-+     
                   '-aes256-'

Table 1. Options for the BAR_ENCRYPTION configuration parameter value
Field	Value
keystore	The `keystore` specifies the name of the keystore and stash file names. The files are created in the ONEDB_HOME/etc directory: `keystore`.p12 = The keystore file that contains the security certificates. `keystore`.sth = The stash file that contains the encryption password. You must manually back up the keystore and password stash files. These files are not backed up when you run a back up with the ON-Bar or ontape utilities.
keyfile	The `keyfile` specifies the full path of a text file that contains a backup encryption key of suitable size for the cipher chosen. The key must be encoded in base64 format.
cipher	Specifies the encryption cipher: aes128 = Default. Advanced Encryption Standard cipher with 128-bit keys. aes192 = Advanced Encryption Standard cipher with 192-bit keys. aes256 = Advanced Encryption Standard cipher with 256-bit keys.