How to Secure Your JetBackup Master Key for Disaster Recovery
If you are using JetBackup for cPanel, there is one file more important than your backups: the Root Master Private Key.
Since JetBackup “DR-snapshots” are encrypted by default, your backups are useless in a Disaster Recovery (DR) scenario without this key. Here is how to find, backup, and protect it.
1. Locate Your Private Key
The master key is generated automatically upon installation. You can find it on your server at this path: cat /usr/local/jetapps/etc/jetbackup/userkeys/root.rsa
2. Manual Generation (If Missing)
If the file doesn’t exist, you can generate a new one via the JetBackup GUI:
- Navigate to General Settings.
- Click Generate root Master Private Key.
3. Essential Security Best Practices
⚠️ CRITICAL: Uninstalling JetBackup deletes this key. If you haven’t backed it up externally, you will lose access to all encrypted snapshots.
- Download Immediately: Save the
root.rsafile to a secure local machine, encrypted USB, or a password manager (like Bitwarden or 1Password). - Limit Access: Only authorized sysadmins should have access to this key.
- Offline Storage: Keep a copy off the server. If the server goes down, you can’t log in to retrieve the key you need to restore the server!
Related Posts
