You can encrypt the configuration file of SPS during system backups using the public-part of a GPG key. The system backups of SPS contain other information as well (for example, databases), but only the configuration file is encrypted. Note that system backups do not contain audit-trail data.

When exporting the configuration of SPS, or creating configuration backups, always use encryption. Handle the exported data with care, as it contains sensitive information, including credentials. For details on encrypting the configuration, see "Encrypting configuration backups with GPG" in the Administration Guide.

For details on restoring configuration from a configuration backup, see Restoring One Identity Safeguard for Privileged Sessions (SPS) configuration and data to the same SPS appliance.

NOTE: It is not possible to directly import a GPG-encrypted configuration into SPS, it has to be decrypted locally first.


You have to configure a backup policy before starting this procedure. For details, see Data and configuration backups.

You need a GPG key which must be permitted to encrypt data. Keys that can be used only for signing cannot be used to encrypt the configuration file.

To encrypt the configuration file of SPS during system backup

  1. Navigate to Basic Settings > Management > System backup.

  2. Select Encrypt configuration.

  3. Click .

    • To upload a key file, click Browse, select the file containing the public GPG key, and click Upload. SPS accepts both binary and ASCII-armored GPG keys.

    • To copy-paste the key from the clipboard, copy it, paste it into the Key field, then click Set.

  4. Click .