--- title: "Password-Based Backup and Restore Using SCP - SGX" slug: "fortanix-dsm-password-based-backup-and-restore-using-scp-sgx" updated: 2026-04-01T07:30:51Z published: 2026-03-18T06:33:15Z canonical: "support.fortanix.com/fortanix-dsm-password-based-backup-and-restore-using-scp-sgx" --- > ## Documentation Index > Fetch the complete documentation index at: https://support.fortanix.com/llms.txt > Use this file to discover all available pages before exploring further. # Password-Based Backup and Restore Using SCP - SGX ## 1.0 Introduction This article describes the Fortanix-Data-Security-Manager (DSM) password based backup and restore procedures for an SGX machine using SCP backup type. ## 2.0 Configuring Backup Using SCP This section describes the steps to configure backups using SCP before or after creating a Fortanix Data Security Manager cluster. Perform the following steps: 1. Edit the `config.yaml` file to add the following properties to enable backups in SCP, which is your backup destination. *For more information about the*`config.yaml`*file, refer to “Section 5.4: Configure Other Nodes for Joining the Cluster” in the*[*Fortanix Data Security Manager Installation Guide - On-Prem*](https://support.fortanix.com/docs/fortanix-data-security-manager-installation-guide-on-prem#54-configure-other-nodes-for-joining-the-cluster): > [!NOTE] > NOTE > > By default, all the CRON jobs schedules are in the UTC time zone. - For Fortanix DSM version 3.23 and above, use the following sample configuration: ```bash backup:   cron_schedule: "1 1 * * *"   backup_mode: "snapshot"   exclude_auditlog: true   scp:     server_ip: "ip_address"     username: "administrator"     password: "********"     path: "/home/administrator/backup" ``` - For Fortanix DSM version 4.6 and above, use the `authmode` parameter with the value `password` or `privatekey`: ```bash backup:   cron_schedule: "1 1 * * *"   backup_mode: "snapshot"   exclude_auditlog: true   scp:     server_ip: "ip_address"     authmode: "password"     username: "administrator"     password: "********"     path: "/home/administrator/backup" ``` Where, - `authmode` can be set to either `password` or `privatekey`. - `backup_mode` can be set to snapshot. - `exclude_autditlog` can be set to either `true` or `false`. It is recommended that the value is set to `true`. 2. Run the following command to redeploy the cluster to apply changes to the `config.yaml` file: ```bash sdkms-cluster deploy --config config.yaml --stage DEPLOY ``` 3. Run the following command to navigate to `bin` folder: ```bash cd /opt/fortanix/sdkms/bin ``` 4. Run the following command to execute the `run_sdkms_backup.sh` script to perform the manual backup: ```bash ./run_sdkms_backup.sh ``` 5. Run the following command to verify the status of the backup: ```bash kubectl logs -l job-name=sdkms-backup-manual ``` After executing the `run_sdkms_backup.sh` script, the `DEPLOY` pod and `sdkms-manual backup` pod starts or shows the status as `RUNNING`. Wait until the job is completed and the status changes to `COMPLETED`. > [!NOTE] > NOTE > > Ensure that Cassandra and appropriate data and secrets are backed up to the SCP (target node) as shown in the following image: > > ![SCP_Backup.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/11620792224276.png) > > **Figure 1: SCP Backup** *For steps to back up the audit log, refer to*[*Fortanix DSM Backup for Audit Log*](/v1/docs/fortanix-dsm-backup-for-audit-log)*.* *For steps to disable the backup configuration, refer to*[*Disable Backup Configuration*](/v1/docs/introduction-to-fortanix-dsm-backup-and-restore#60-disable-backup-configuration)*.* ## 3.0 Recovering the Data *For a step-by-step procedure on data recovery, refer to*[*Fortanix DSM Restoration Guide - Automated*](/v1/docs/fortanix-dsm-restoration-guide-automated)*.* Fortanix Data Security Manager (DSM) is the world’s first cloud service secured with Intel® SGX. With Fortanix DSM, you can securely generate, store, and use cryptographic keys and certificates, as well as other secrets such as passwords, API keys, tokens, or any blob of data. Your business-critical applications and containers can integrate with Fortanix DSM using legacy cryptographic interfaces (PKCS#11, CNG, and JCE) or using the native Fortanix DSM RESTful interface. Fortanix Data Security Manager (DSM) is the world’s first cloud service secured with Intel® SGX. With Fortanix DSM, you can securely generate, store, and use cryptographic keys and certificates, as well as other secrets such as passwords, API keys, tokens, or any blob of data. Your business-critical applications and containers can integrate with Fortanix DSM using legacy cryptographic interfaces (PKCS#11, CNG, and JCE) or using the native Fortanix DSM RESTful interface. ## Related - [Passwordless-Based Backup and Restore Using SCP - SGX](/fortanix-dsm-passwordless-based-backup-and-restore-using-scp-sgx.md) - [Fortanix Support Sign Up Process](/fortanix-support-sign-up-process.md) - [Fortanix DSM with Double Key Encryption for Microsoft 365](/fortanix-dsm-with-double-key-encryption-for-microsoft-365.md) - [Restoration Guide - Automated](/fortanix-dsm-restoration-guide-automated.md)