This article describes how to disable data key sharing. Data keys are the raw bytes used to encrypt backup data. By default, data keys exist only on the source device and on a trusted authority server or external keystore, and an authority server shares data keys with storage servers that request them for maintenance or web restore.
To improve system security, you can disable sharing data keys. In hybrid installations, you might disable key sharing because you do not want to send data keys off-premises regardless of the functional limitations.
When data key sharing is disabled, users cannot perform web restores. However, users can still perform restores from the Code42 app on their devices, and maintenance can still run on storage server archives.
Disable data key sharing
- Double-click the logo in the upper-left corner of the administration console.
The command-line interface appears in the administration console.
- To view the current value of the data key sharing setting in your Code42 environment, enter the following prop.show command:
A returned value of 0 properties indicates that data key sharing is enabled by default.
- Enter the following prop.set command at the top of the command-line interface to disable data key sharing:
prop.set c42.dataKeySharing.enabled false save all
Setting a new value with a prop.set command overwrites any existing value.
- To verify the new setting in your Code42 environment, enter the following command: