See below to back up the state of a Cryptographic Security Platform installation comprising one or several nodes.

Backing up the state of a single-node Cryptographic Security Platform installation

When installed in a single node, follow the step below to back up the state of the Cryptographic Security Platform installation.

To back up the state of a single-node Cryptographic Security Platform installation

1. Run the clusterctl backup create command to generate a backup file – for example:
   
   $ sudo clusterctl backup create --file /home/sysadmin/202341014.bkp --password 7Txsxu

1. If the deployed solutions use databases, back up the database contents as explained in Backing up the database.
2. If the deployed solutions use an HSM (Hardware Security Module) to protect private keys, backup the device configuration as explained in Backing up the HSM. 
3. Move all the backup data from the Cryptographic Security Platform node to a secure location – for example, using an SFTP client.

Backing up the state of a multi-node Cryptographic Security Platform installation

When installed in several nodes, perform the step below in any node to back up the state of the Cryptographic Security Platform installation

To back up the state of a multi-node Cryptographic Security Platform installation

1. Run the clusterctl backup create command to generate a backup file – for example: 
   $ sudo clusterctl backup create --file /home/sysadmin/202341014.bkp --password 7Txsxu
2. Manually backup the following data.
   • The key and certificate for TLS
   • The registration credentials
   • The volume capacity policies configured with the clusterctl volume capacity command.
   • The retention policies configured wit the clusterctl retention config logs and clusterctl retention config metrics commands.
   • The proxy settings are configured with the clusterctl proxy set command.
3. Follow the steps described in Backing up solution settings to back up the CA Gateway, Certificate Enrollment Gateway and Certificate Manager solutions.  

   The settings of the other solutions are automatically included in the backup file generated with the clusterctl backup create command.

4. If the deployed solutions use databases, back up the database contents as explained in Backing up the database.
5. If the deployed solutions use an HSM (Hardware Security Module) to protect private keys, backup the device configuration as explained in Backing up the HSM.
6. Move all the backup data from the Cryptographic Security Platform node to a secure location – for example, using an SFTP client.