Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. NetBackup™ Security and Encryption Guide
  5. Section III. Encryption of data at rest
  7. NetBackup key management service
  9. Command line interface (CLI) commands
  11. Modify key protection key (KPK)
NetBackup™ Security and Encryption Guide

Modify key protection key (KPK)

To modify the key protection key, use the NetBackup Key Management Service (KMS) utility command (the nbkmsutil command) with the included arguments.

The KPK is used to encrypt the KMS keys. Currently, the KPK is per keystore. To modify the current KPK, the user should provide an optional seed or pass phrase. Also, provide an ID (KPK ID) that can remind us of the specified pass phrase. Both the pass phrase and KPK ID are read interactively.

# nbkmsutil -help -modifykpk
nbkmsutil -modifykpk [ -nopphrase ]

Feedback

Was this page helpful?
Previous

Get key protection key (KPK) ID

Next

Get keystore statistics

Feedback

Was this page helpful?