What is CyberArk Recovery Utility

This utility is used to recover information from a Safe’s external files in case of loss or corruption of that Safe. The files are decrypted and saved as readable files. The name of the file to be recovered.

The purpose of this blog post is to provide detailed procedures for using the “recover.exe” utility to perform a recovery of all the Vault passwords using a backup taken with the Replicate utility. These steps should only be used in emergencies in the case where ALL Vault servers are unavailable and there is an immediate need for access to account passwords.


There are standard procedures for performing a Vault restore within CyberArk guides that provide steps for running a restore on a new or existing Vault server. Those steps should be followed to get a new/existing Vault back online.

CyberArk Recovery Utility Pre-requisites

  • Create a folder called “Recover”, “Master”, “Backup”, and “Restore” on the server where the recovery will take place
  • Copy the “recover.exe” file that is located under “C:\Program Files(x86)\PrivateArk\Server” on any Vault server to the “Recover” folder
  • Copy the “RecPrv.key” file from the Master CD to the “Master” folder
  • Backup of the Vault data to the “Backup” folder
    • Most backups taken using the Replicate tool will copy the data to “C:\PrivateArk\Safes\Data” on the Component server
    • Copy all the safe contents under \Data to C:\Backup

A step-by-step guide to using CyberArk Recovery Utility to fetch passwords

Recovery of account passwords from one safe:

  • Confirm safes backup is copied to C:\Backup
  • Open a command prompt, browse to “C:\Recover”
  • Run the following:
    • recover.exe “C:\Backup\Safe1\root*.*” C:\restore C:\master
    • NOTE: “Safe1” can be replaced with any specific safe
  • Process will complete and list the number of passwords that were recovered
  • Browse to “C:\Restore” folder to locate files that have been decrypted with
  • passwords now in clear text
    • NOTE: Each file will be named based on the object name in the Vault

Recovery of account passwords from ALL safes:

  • Confirm safes backup is copied to C:\Backup
  • Open a command prompt, browse to “C:\Recover”
  • Run the following:
    • for /D %x IN (C:\Backup*) do recover.exe “%x\root*.*” “C:\Restore\%~nx” C:\Master
    • Note:- Dont change /D at the beginning, change directories for Backup, Restore, and Master as per the directories created on your server
  • Press any key per safe and the restore should run for each safe will put ALL
  • the safes/files beneath the “C:\Backup” folder
  • Browse to “C:\Restore” folder to locate safes\files that have been decrypted
  • with passwords now in clear text
    • NOTE: Each file will be named based on the object name in the Vault

By Satish Venkannagari

Satish Reddy V is a Cyber Security Engineer at a reputed MNC and blogs at CyberSecurityO.com. I am passionate about Cyber Security, Blogging, and Digital Marketing.

Leave a Reply

Your email address will not be published. Required fields are marked *