Storing the BitLocker key safe is essential. Here are the steps to back up the BitLocker recovery key from the Control panel and PowerShell command.
BitLocker is the built-in encryption feature in Windows 10 & 11. It lets you encrypt any internal or external drive with just a few clicks. In fact, Windows automatically encrypts systems that meet specific requirements. This means that only authorized persons can access the data in the encrypted drive.
While encrypting a drive, it gives you a few options to back up the BitLocker recovery key. The recovery key is helpful to decrypt and recover data when you forget the password. If you did not create a backup while configuring BitLocker or lost the recovery key, you could still create additional recovery key backups as long as you have the BitLocker password of the encrypted drive.
In this quick Windows tutorial, I will show you the step-by-step process of backing up the BitLocker recovery key to a file or your Microsoft account using the Control Panel and PowerShell commands. Let’s get started.
Before You Start
- You need administrator rights to access BitLocker settings.
- To back up the BitLocker key, you need the BitLocker password. You cannot unlock the drive to back up the key without the password.
Backup BitLocker Recovery Key Using the Control Panel
- Click the Start button on the taskbar.
- Search and open the “Control Panel“.
- Select “Large icons” from the “View by” dropdown.
- Click on “BitLocker Drive Encryption“.
- Expand the BitLocker drive for which you want to back up the recovery key.
- Click the “Back up your recovery key” option.
- Click “Save to a file“.
- Select a folder to save the file.
- Click the “Save” button.
- Click “Finish” in the main window.
- With that, you have successfully backed up the recovery key.
Note: If you are using the Microsoft account sign-in (online account) on your computer, you can back up the recovery key to your Microsoft account by selecting the “Save to your Microsoft account” option in step 7.
Detailed Steps (With Screenshots)
First, open the Control Panel. You can search for it in the start menu’s search bar. Once the Control Panel is opened, select “Large icons” from the “View by” dropdown menu. After that, find and click the “BitLocker Drive Encryption” option.
In the BitLocker window, you will see all the drives on your computer. Find the BitLocker drive for which you want to back up the recovery key and expand it by clicking on the little arrow icon. Next, click on the “Back up your recovery key” link.
The above action will open the “BitLocker Drive Encryption recovery wizard”. Select the method you want to use for the recovery. In my case, I’m choosing the “Save to a file” option.
Note: If you don’t want to save the BitLocker recovery key locally, I recommend selecting the “Save to your Microsoft Account” option. It saves the BitLocker recovery key to your Microsoft account to access it anywhere and at any time.
If you select the “Save to a file option” you will see the “Save as” window. Here, navigate to a folder where you want to save the recovery key and click the “Save” button.
Click the “Finish” button in the BitLocker wizard to close it.
That is it. You’ve successfully backed up the BitLocker recovery key. Open the saved file, and find the key under the Recovery Key heading. I’ve highlighted that part in the below image. You should enter this key when you forget or lose the BitLocker password.
If you backed it up to the Microsoft account, follow these steps to find your BitLocker recovery key.
PowerShell Command to Backup BitLocker Recovery Key
- Press the Start button.
- Search for PowerShell.
- Click the “Run as Administrator” option.
- Run the following command while replacing “<DriveLetter>” with the actual drive letter of the drive for which you want to back up the recovery key.
(Get-BitLockerVolume -MountPoint <DriveLetter>).KeyProtector > $env:UserProfile\Desktop\BitLocker_Recovery_Key.txt
- As soon as you run the command, the BitLocker recovery key is saved to your desktop.
Detailed Steps (With Screenshots)
First, open the Start Menu, search for “PowerShell,” right-click on the result, and choose the “Run as Administrator” option. This will open an elevated PowerShell window.
In the PowerShell window, execute the below command after replacing the “<DriveLetter>” with the drive letter of the BitLocker encrypted drive. For example, I want to back up the recovery key of my I: drive. So, I replaced it with the drive letter “I”.
(Get-BitLockerVolume -MountPoint <DriveLetter>).KeyProtector > $env:UserProfile\Desktop\BitLocker_Recovery_Key.txt
Once you execute the command, the BitLocker recovery key will be saved as a text file to your desktop. You will not see any response in the PowerShell window. You can close it.
Open the text file, and you will see the recovery key right next to “Recovery Password“. I’ve highlighted that part in the image below.
Wrapping Up — Backing Up the BitLocker Recovery Key
As you see, when you need to, backing up the BitLocker recovery key is nothing hard. Simply go to the Control Panel window and select the Back up your recovery key and you are good to go. If you are using Microsoft account sign-in I recommend you back up your recovery key to your Microsoft account. That way, you can be sure that no one but you can access the recovery key. If you are saving it to a file, make sure to keep the file in a secure drive. If you are ever in need, follow these steps to recover your BitLocker drive using the recovery key.
If you have any questions or need help, comment below. I’ll be happy to assist. Also, for less important files, you can simply create a locked folder instead of using BitLocker. Follow the link to learn how.