Complete guide for migrating your CLI state from version 1.5.0 or earlier to take advantage of enhanced encryption options and flexible cloud storage with managed KMS keys.
Overview
If you're using Utila CLI version 1.5.0 or earlier, this guide will help you migrate your existing state to take advantage of enhanced encryption options and more flexible storage solutions. The migration process provides out-of-the-box encryption capabilities that previously required custom implementations.
Why Migrate?
In CLI versions up to 1.6.0, your device private keys and key shares were stored with the following limitations:
- Limited additional encryption options: Customers who wanted additional encryption had to create custom solutions.
- Local storage only: No built-in option for cloud storage
The new CLI version provides an out-of-the-box solution for additional encryption if you are using:
- Cloud Storage: AWS S3 bucket or GCP GCS bucket
- Customer-provided encryption: Passphrase, AWS KMS or GCP KMS
More information regarding the CLI state can be found under the State documentation page
Migration Process
The migration involves two essential steps to secure your state:
Step 1: Move Your State
Use the utila state move command to relocate your state to a more secure and convenient location.
utila state move <new-state-location>
utila config set state-location <new-state-location>It's recommended to store the state in a Cloud storage bucket (AWS S3 or GCP GCS bucket).
Step 2: Encrypt Your State
Use the utila state encrypt command to add encryption protection to your migrated state.
utila config set encryption-provider <encryption-provider>
utila state encryptIt's strongly recommended to encrypt the state using a symmetric KMS key.
Benefits of Migration
After completing the migration, you'll enjoy:
- Enhanced security: Additional encryption layer using your own KMS keys on top of existing Nitro Enclave protection
- Flexible storage: Access your state from multiple devices and locations using cloud storage
- Managed encryption: No need to implement custom encryption solutions - use built-in support for major cloud providers
- Future-proof: Compatible with upcoming CLI features and improvements
Need Help?
If you encounter issues during migration or have questions about the process, please refer to our the State documentation page or contact support.