Before restoring SDDC Manager, you must download and decrypt the encrypted backup file from the SFTP server.

The backup file contains sensitive data about your VMware Cloud Foundation instance, including passwords in plain text. As a best practice, you must control access to the decrypted files and securely delete them after you complete the restore operation.


Verify that your host machine with access to the SDDC has OpenSSL installed.


The procedures have been written based on the host machine being a Linux-based operating system.


  1. Identify the backup file for the restore and download it from the SFTP server to your host machine.
  2. On your host machine, open a terminal and run the following command to extract the content of the backup file.
    OPENSSL_FIPS=1 openssl enc -d -aes-256-cbc -md sha256 -in filename-of-restore-file | tar -xz
  3. When prompted, enter the encryption_password.
  4. In the extracted folder, locate and open the metadata.json file in a text editor.
  5. Locate the sddc_manager_ova_location value and copy the URL.
  6. In a web browser, paste the URL and download the OVA file.
  7. In the extracted folder, locate and view the contents of the security_password_vault.json file.
  8. Locate the entityType BACKUP value and record the backup password.