Configuring KMS credentials
To configure external KMS in NetBackup, you need to first configure the credentials that NetBackup uses to authenticate with the external KMS server. As part of this step, you need to specify the path for public key Infrastructure (PKI) artifacts that are required for certificate-based authentication. The following information is required:
Certificate file path
Keystore file path
Trust store file path
Passphrase or passphrase file path
Note:
After external KMS configuration or keys are updated, NetBackup may take several minutes to consume appropriate key in backup or restore workflow. This is because NetBackup caches the key for 10 minutes (for external KMS). To immediately consume a key, cache can be cleared by executing the following command on the respective media server:
bpclntcmd -clear_host_cache
To configure KMS credentials
- Run the following command:
nbkmscmd -configureCredential -credName credential_name -certPath certificate_file_path -privateKeyPath private_key_file_path -trustStorePath CA_certificate_file_path [-passphrasePath private_key_passphrase_file_path] [-crlCheckLevel LEAF | CHAIN | DISABLE] [-server master_server_name] [-description description]