Securing MarkLogic Server

Excluding the Embedded KMS from a Backup

Warning

If you set the backup option to exclude and turn off the automatic inclusion of the keystore, you are responsible for saving the keystore (the embedded KMS) to a secure location. If you cannot access your PKCS #11 secured wallet (or external KMS if you are using one), or lose your encryption keys, you will not be able to decrypt any of your encrypted data (including backups).

By default, the MarkLogic Server-embedded KMS (the PKCS #11 secured wallet) is automatically included in a backup. You can exclude the embedded wallet using the options in admin:cluster-set-keystore-backup-option. The include or exclude options enable you to choose whether to have the embedded KMS included as part of backups.

xquery version "1.0-ml"; 
import module namespace admin = "http://marklogic.com/xdmp/admin" 
  at "/MarkLogic/admin.xqy";

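(: "exclude" leaves the embedded KMS out of backups; "include" is the default :)
let $option := "exclude"
let $config := admin:get-configuration()
return 
  (: the setter only returns an updated configuration; save it to apply the change :)
  admin:save-configuration(
    admin:cluster-set-keystore-backup-option($config, $option))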

Setting the option to exclude prevents the embedded KMS from being included in the backup.