Tip #241: Back up your encryption key

Dynamics CRM 2013 has field level data encryption on password fields, like the email password field on mailbox records. This feature is enabled by default.

Always be sure that you copy the key and save it in a safe place. You will need it some day.

When you import a copy of an organization in your CRM On Premises deployment, the key will not be regenerated. This means that if you don’t have a copy of the key, you won’t be able to use e-mail or access mailbox records.

Consider the following scenario: you “refresh” your dev environment with a copy of production. After you import the organization, the restored organization will not contain the encryption key, so you will not be able to access mailbox records with encrypted passwords. This is not the end of the world, because you can log in to the original organization, go to Settings > Data Management > Data Encryption in prod, copy the key, and then paste it into dev.


But what if you reimport the original organization? Say your CRM server dies, and to restore you do a clean installation of CRM and import the organization from the original database? In this case, you will lose your encryption key and won’t have a place from which to retrieve it.

That’s why I strongly recommend that you keep a copy of the encryption key from every organization in a place where you will be able to find it when you need it.

 
