Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. NetBackup™ Security and Encryption Guide
  5. Section III. Encryption of data at rest
  7. NetBackup key management service
  9. KMS database constituents
  11. About periodically updating the HMK and KPK
NetBackup™ Security and Encryption Guide

About periodically updating the HMK and KPK

The HMK and KPK can be updated periodically using the modifyhmk and modifykpk options of the KMS CLI. These operations prompt you for a new pass phrase and ID and then update the KPK/HMK. You can choose either a random or a pass phrase-based KPK/HKM at each such invocation.

Note:

It is a best practice to use the -usepphrase option when modifying the HMK and KPK so that you are required to use a known pass phrase for future recovery. With the -nopphrase option, KMS generates a random pass phrase that is unknown and eliminates the possibility of future recovery if needed.

Feedback

Was this page helpful?
Previous

Importance of the KPK ID and HMK ID

Next

Backing up the KMS keystore and administrator keys

Feedback

Was this page helpful?