According to the documentation, one can back up the KASP using the mdb_dump command. Now I understand things correctly, this will just back up the public component of key pairs, plus some metadata for the zones the public keys are associated with.
Are there any provisions in Knot concerning the backing up of the private components of key pairs, or is this something that must be done separately and within the context of whatever cryptographic provider is used?