Skip to main content

Promotion and Import/Export

When you move records between Universal Controllers, any encrypted data those records contain must be handled so that the target Controller can decrypt it. This page explains how encrypted data behaves during Promotion and Import/Export.

info

The word "promote" is used in two different ways with respect to Data Encryption Keys:

  • Promotion: the Universal Controller feature for migrating records from one Controller to another, using Bundles and Promotion. This page covers how records that contain encrypted data behave during promotion.
  • The Promote command: a command that moves the Data Encryption Keys themselves to another Controller. See Managing Keys - Promote.

Promoting Records That Contain Encrypted Data

Many record types contain encrypted fields, such as passwords and secrets. How that encrypted data is handled when the record is promoted depends on the target Controller:

  • If the target is Universal Controller 8.0.1.0 or later with Data Encryption Keys enabled: the encrypted data is re-encrypted on the target with the target's current Primary Data Encryption Key.
  • If the target is an earlier release, or does not have Data Encryption Keys enabled: the encrypted data is converted back to the legacy, pre-Data-Encryption-Key format.

Prerequisites

To promote records with encrypted data to a target Controller that has Data Encryption Keys enabled, make sure the target Controller has both of the following, or the promoted data cannot be decrypted:

After the records are promoted, their encrypted data is re-encrypted with the target Controller's current Primary Data Encryption Key.

Encrypted Field Data Records

The following record types contain encrypted data. Whether each can be promoted is noted below.

RecordPromotable
CredentialsYes
Email ConnectionsYes
OAuth ClientsYes
AI SettingsNo
Promotion TargetsNo
Promotion SchedulesNo
LDAP SettingsNo
SAML Single Sign-On SettingsNo
AgentsNo