Examples of cloud KMS configuration using the nbkmscmd command
The -keyname parameter of the nbkmscmd command specifies the unique identifier of the cloud KMS key:
For AWS: KMS Key ARN (for example: arn:aws:kms:ap-south-1:123456789012:key/abcd1234-56ef-78gh-90ij-klmnopqrstuv)
For GCP: Resource Name (for example: projects/demo-project/locations/useast1/keyRings/demo-ring/cryptoKeys/demo-key)
For Azure: Key URI (for example: https://demo-keyvault.vault.azure.net/keys/demokey/abcd1234567890)
The -keyGroupName parameter is a name of your choice, used in NetBackup for easier identification and management. Use this name when you create the MSDP storage server.

nbkmscmd -createKey \
    -name aws-kms-server-name \
    -keyname arn:aws:kms:region:account-id:key/key-id \
    -keyGroupName aws-key-group-name \
    -algorithm AWS_SYMMETRIC_DEFAULT

nbkmscmd -createKey \
    -name aws-kms-server-name \
    -keyname arn:aws:kms:region:account-id:key/key-id \
    -keyGroupName aws-key-group-name \
    -algorithm RSA_OAEP_256

nbkmscmd -createKey \
    -name gcp-kms-server-name \
    -keyname projects/project-id/locations/<location>/keyRings/<key-ringname>/cryptoKeys/crypto-key-name \
    -keyGroupName gcp-key-group-name \
    -algorithm GOOGLE_SYMMETRIC_ENCRYPTION

nbkmscmd -createKey \
    -name azure-kms-server-name \
    -keyname https://keyvault-name.vault.azure.net/keys/key-name \
    -keyGroupName azure-key-group-name \
    -algorithm RSA_OAEP_256
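
A pre-flight check for the -keyname identifier formats listed above, as an added example that is not part of the NetBackup documentation or tooling. The function name kms_keyname_provider and the patterns are assumptions derived from the three formats shown on this page; the check catches line-wrapped identifiers and unfilled templates before they reach nbkmscmd.

```shell
#!/bin/sh
# Added example (not NetBackup code): classify a cloud KMS key identifier
# before it is passed to nbkmscmd -keyname. The function name and the
# patterns are assumptions based on the three formats shown on this page.

kms_keyname_provider() {
    nl='
'
    tab=$(printf '\t')
    # Whitespace usually means a line-wrapped copy/paste; the shell would
    # split such a value into two arguments.
    case $1 in
        ''|*' '*|*"$tab"*|*"$nl"*)
            echo "invalid: empty or contains whitespace" >&2
            return 1 ;;
    esac
    # AWS KMS key ARN: arn:<partition>:kms:<region>:<12-digit account>:key/<key-id>
    if printf '%s' "$1" | grep -Eq '^arn:aws[a-z-]*:kms:[a-z0-9-]+:[0-9]{12}:key/[A-Za-z0-9-]+$'; then
        echo aws
    # GCP resource name: projects/../locations/../keyRings/../cryptoKeys/..
    elif printf '%s' "$1" | grep -Eq '^projects/[A-Za-z0-9_.:-]+/locations/[a-z0-9-]+/keyRings/[A-Za-z0-9_-]+/cryptoKeys/[A-Za-z0-9_-]+$'; then
        echo gcp
    # Azure Key URI, optional version segment; only the vault.azure.net
    # host form shown on this page is accepted (assumption).
    elif printf '%s' "$1" | grep -Eq '^https://[A-Za-z0-9-]+\.vault\.azure\.net/keys/[A-Za-z0-9-]+(/[A-Za-z0-9]+)?$'; then
        echo azure
    else
        echo "invalid: not an AWS, GCP or Azure key identifier" >&2
        return 1
    fi
}

# Constructed sample input: the page's example identifiers, one broken by a
# wrapped space, and one unfilled template.
for id in \
    'arn:aws:kms:ap-south-1:123456789012:key/abcd1234-56ef-78gh-90ij-klmnopqrstuv' \
    'projects/demo-project/locations/useast1/keyRings/demo-ring/cryptoKeys/demo-key' \
    'https://demo-keyvault.vault.azure.net/keys/demokey/abcd1234567890' \
    'arn:aws:kms:ap-south- 1:123456789012:key/abcd1234' \
    'arn:aws:kms:region:account-id:key/key-id'
do
    if p=$(kms_keyname_provider "$id" 2>/dev/null); then
        printf '%-6s %s\n' "$p" "$id"
    else
        printf '%-6s %s\n' REJECT "$id"
    fi
done
```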