Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. NetBackup™ Security and Encryption Guide
  5. Section III. Encryption of data at rest
  7. Data at rest encryption security
  9. Configuring standard encryption on clients
  11. About configuring standard encryption from the server
  13. Manual retention to protect key file pass phrases
NetBackup™ Security and Encryption Guide

Manual retention to protect key file pass phrases

Manual retention is the most secure method for protecting your key file pass phrases.

When you add a phrase by using the bpkeyutil command, complete manual retention as follows:

  • Write the phrase on paper.

  • Seal the paper in an envelope

  • Put the envelope into a safe.

If you subsequently need to restore from encrypted backups and you have lost the key file, do the following:

  • Reinstall NetBackup.

  • Use bpkeyutil to create a new key file by using the pass phrases from the safe.

Feedback

Was this page helpful?
Previous

Best practices for key file restoration

Next

Automatic backup of the key file

Feedback

Was this page helpful?