NetBackup™ Security and Encryption Guide

About creating key records

The next step is to create an active key record. The key record can either be created in the prelive state and then transferred to the active state, or it can be created directly in the active state.

A key record consists of the following critical pieces of information:

  • Name

    Name that is given to a key. It should be unique within a key group (KG). Renaming a key is supported if the new name is unique within the KG.

  • Key Tag

    Unique Key identifier (not mutable).

  • Key Group Tag

    Unique KG identifier, to which this Key belongs (not mutable).

  • State

    Key's current state (mutable).

  • Encryption key

    Key that is used to encrypt or decrypt the backup or restore data (not mutable).

  • Description

    Any description (mutable).

  • Creation Time

    Time of Key creation (not mutable).

  • Last Modification Time

    Time of last modification to any of the mutable attributes (not mutable).

The following key record states are available:

  • Prelive, which indicates that the record has been created, but has not been used

  • Active, which indicates that the record and key are used for encryption and decryption

  • Inactive, which indicates that the record and key cannot be used for encryption, but they can be used for decryption

  • Deprecated, which indicates that the record cannot be used for encryption or decryption

  • Terminated, which indicates that the record can be deleted
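The following Python model is an added illustration, not NetBackup code or its API. It shows how the mutability rules and the per-state encrypt and decrypt permissions listed above combine for a single key record. The class, method, and tag names are hypothetical, the key material is a constructed random value, and treating prelive and terminated records as unusable for both operations is an assumption.

```python
# Added illustration: a model of the key record described above, not NetBackup code.
# Class, method and tag names are hypothetical; key material is a constructed value.
from dataclasses import dataclass, field
from datetime import datetime, timezone
from enum import Enum
import secrets

class State(Enum):
    PRELIVE = "prelive"
    ACTIVE = "active"
    INACTIVE = "inactive"
    DEPRECATED = "deprecated"
    TERMINATED = "terminated"

# From the state list: active keys encrypt and decrypt, inactive keys only decrypt.
# Assumption: prelive and terminated records are treated as unusable for both.
CAN_ENCRYPT = {State.ACTIVE}
CAN_DECRYPT = {State.ACTIVE, State.INACTIVE}
USER_MUTABLE = {"name", "state", "description"}

def _now():
    return datetime.now(timezone.utc)

@dataclass
class KeyRecord:
    name: str
    key_group_tag: str
    state: State = State.PRELIVE
    description: str = ""
    key_tag: str = field(default_factory=lambda: secrets.token_hex(16))
    # repr=False keeps the key out of logs and tracebacks that print the record.
    encryption_key: bytes = field(default_factory=lambda: secrets.token_bytes(32), repr=False)
    creation_time: datetime = field(default_factory=_now)
    last_modification_time: datetime = field(default_factory=_now)

    def modify(self, attr, value, names_in_group=()):
        """Change one mutable attribute; refuse immutable ones and duplicate names."""
        if attr not in USER_MUTABLE:
            raise PermissionError(f"{attr} is not mutable")
        if attr == "name" and value != self.name and value in names_in_group:
            raise ValueError(f"name {value!r} is already used in this key group")
        setattr(self, attr, value)
        self.last_modification_time = _now()  # set by the model, never by the caller

    def may(self, operation):
        """Return True if the record's state permits 'encrypt' or 'decrypt'."""
        return self.state in {"encrypt": CAN_ENCRYPT, "decrypt": CAN_DECRYPT}[operation]
```
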
