4.7.6. Procedure – Encrypting configuration backups with GPG


You can encrypt the configuration file of PSM during system backups using the public-part of a GPG key. The system backups of PSM contain other information as well (for example, databases), but only the configuration file is encrypted. Note that system backups do not contain audit-trail data.

When exporting the configuration of PSM, or creating configuration backups, always use encryption. Handle the exported data with care, as it contains sensitive information, including credentials. For details on encrypting the configuration, see Procedure 4.7.6, Encrypting configuration backups with GPG.

For details on restoring configuration from a configuration backup, see Procedure 23.9, Restoring PSM configuration and data.


It is not possible to directly import a GPG-encrypted configuration into PSM, it has to be decrypted locally first.


You have to configure a backup policy before starting this procedure. For details, see Section 4.7, Data and configuration backups.

You need a GPG key which must be permitted to encrypt data. Keys that can be used only for signing cannot be used to encrypt the configuration file.


  1. Navigate to Basic Settings > Management > System backup.

  2. Select Encrypt configuration.

  3. Select .

    • To upload a key file, click Browse, select the file containing the public GPG key, and click Upload. PSM accepts both binary and ASCII-armored GPG keys.

    • To copy-paste the key from the clipboard, paste it into the Key field and click Set.

  4. Click .