We’ve discussed encrypting backups on Informix 11 and 12 using the BACKUP_FILTER and RESTORE_FILTER onconfig parameters in an earlier article. While effective, this involved writing scripts, using external tools and managing encryption keys manually. Using the new onkstore utility (see technical article here), with Informix 14.10 Integrated Backup Encryption, ontape and onbar backups can now be encrypted and decrypted natively.
As before, there is obviously some risk here, as if the keys are lost it can render your backups essentially useless. We therefore strongly recommend only using this with a cloud based key store, as this method uses envelope encryption to ensure your backups can always be restored.
Although we recommend using a cloud key store, for the purpose of this article, a local key will be used. As above, we would not recommend doing so for a production system. Read on to learn more about Informix 14.10 Integrated Backup Encryption: