How to retrieve the PGP Encryption Key from a backup
Summary
When migrating the instance to another server, the existing Secure macros may fail to be decrypted due to a PGP Encryption key mismatch. When this happens, you will see an error similar to the image below.
To solve this, you need to migrate the data of the AO_DCA036_GLOBAL_KEY_PAIR table from the old database to the newly migrated instance's database.
Environment
Confluence Server or Data Center
Diagnostics Steps
When decrypting a Secure macro after migration, an "Error" box appears (shown above).
Cause
PGP Encryption key mismatch after migration.
Resolution
Before proceeding with the steps below, we strongly suggest creating the necessary backups or testing the steps first in a staging instance. The steps result in direct database changes. By doing a test run, you can ensure steps are followed correctly and are making the necessary changes.
restore the old backup into a new instance with a separate database
After restoring the backup into the new instance (let's name this instance Server A)
check the PASS_PHRASE, PRIVATE_KEY, and PUBLIC_KEY from AO_DCA036_GLOBAL_KEY_PAIR
 database table of Server A
with the data, move to the new instance and update
AO_DCA036_GLOBAL_KEY_PAIR
 table with the copied keys from Server AUPDATE public."AO_DCA036_GLOBAL_KEY_PAIR" SET"PASS_PHRASE" = Server A PASS_PHRASE, "PRIVATE_KEY" = Server A PRIVATE_KEY, "PUBLIC_KEY" = Server A PUBLIC_KEY;
After this
clear the plugin cache (as recommended by Atlassian)
check if the migrated secure macros can be decrypted
On updating AO_DCA036_GLOBAL_KEY_PAIR
 with the new keys, any secure macros which were created previously in the instance will not be decryptable.
Â