Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. NetBackup™ Security and Encryption Guide
  5. Section III. Encryption of data at rest
  7. NetBackup key management service
  9. Command line interface (CLI) commands
  11. Create a new key
NetBackup™ Security and Encryption Guide

Create a new key

To create a new key, use the NetBackup Key Management Service (KMS) utility command (the nbkmsutil command) with the included arguments.

# nbkmsutil -help -createkey
nbkmsutil -createkey [ -nopphrase ]
-keyname <key_name>
-kgname <key_group_name>
[ -activate ]
[ -desc <description> ]

Note:

The default key state is prelive.

-nopphrase

Creates the key without using a pass phrase. If this option is not specified, the user is prompted for a pass phrase.

-keyname

Specifies the name of the new key (it should be unique within the key group to which it belongs).

-kgname

Specifies the name of an existing key group to which the new key should be added.

-activate

Sets the key state to active (default key state is prelive).

Note:

A salt is generated when you create a new key using a pass phrase. In the event where you try to recover a key, the system prompts you for a salt along with the pass phrase and key tag.

Feedback

Was this page helpful?
Previous

Create a new key group

Next

Modify key group attributes

Feedback

Was this page helpful?