Creating keys in an external KMS
You can use NetBackup to create keys in an external KMS. NetBackup must have the required permissions to create keys in the external KMS.
To create keys in an external KMS
- Run the following command:
nbkmscmd -createkey -name configuration_name -keyGroupName keygroup_name -keyName key_name -comment comments
The -createkey option creates a key in the active state. For an external KMS, you can have multiple active keys in a key group. NetBackup uses the latest active key. The command also sets all the required attributes for the key.
Note:
After any update to the external KMS configuration or any key-related change, NetBackup may take some time to use the appropriate key in a backup or restore workflow. This is because NetBackup caches the key for 10 minutes (for external KMS). To consume the key immediately, run the following command on the respective media server to clear the cache:
bpclntcmd -clear_host_cache