Displaying KMS key information for cloud storage encryption
You can use the nbkmsutil command to list the following information about the key groups and the key records:
- Key groups
- Keys
Note:
It is recommended that you keep a record of key information. The key tag that is listed in the output is necessary if you need to recover keys.
To display KMS key group information
- To list all of the key groups, use the nbkmsutil command with the -listkgs option. The following is the command format:
UNIX: /usr/openv/netbackup/bin/admincmd/nbkmsutil -listkgs
Windows: install_path\Veritas\NetBackup\bin\admincmd\nbkmsutil -listkgs
The following is example output on UNIX hosted storage. On Windows, the volume name is not used.
nbkmsutil -listkgs
Key Group Name : CloudStorageVendor.com:symc_volume_for_backups
Supported Cypher : AES_256
Number of Keys : 1
Has Active Key : Yes
Creation Time : Tues Jan 01 01:00:00 2013
Last Modification Time: Tues Jan 01 01:00:00 2013
Description : -
To display KMS key information
- To list all of the keys that belong to a key group name, use the nbkmsutil command with the -listkeys and -kgname options. The following is the command format:
UNIX: /usr/openv/netbackup/bin/admincmd/nbkmsutil -listkeys -kgname AdvDiskServer1.example.com:AdvDisk_Volume
Windows: install_path\Veritas\NetBackup\bin\admincmd\nbkmsutil -listkeys -kgname AdvDiskServer1.example.com:
The following is example output on UNIX hosted storage. On Windows, the volume name is not used.
nbkmsutil -listkeys -kgname CloudStorageVendor.com:symc_volume_for_backup
Key Group Name : CloudStorageVendor.com:symc_volume_for_backups
Supported Cypher : AES_256
Number of Keys : 1
Has Active Key : Yes
Creation Time : Tues Jan 01 01:00:00 2013
Last Modification Time: Tues Jan 01 01:00:00 2013
Description : -
Key Tag : 532cf41cc8b3513a13c1c26b5128731e5ca0b9b01e0689cc38ac2b7596bbae3c
Key Name : Encrypt_Key_April
Current State : Active
Creation Time : Tues Jan 01 01:02:00 2013
Last Modification Time: Tues Jan 01 01:02:00 2013
Description : -
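The Note above recommends keeping a record of key information, including the key tag. The following Python script is an added example, not part of the NetBackup documentation or tooling: it parses saved nbkmsutil -listkeys output into per-group and per-key records and flags a record that would be unreliable for recovery. The function names parse_listkeys and audit are hypothetical, and it assumes one field per line and a 64-hex-character key tag, as in the example output on this page.

```python
import re

# Constructed sample, abridged from this page's example output; one field per line is assumed.
SAMPLE = """\
Key Group Name : CloudStorageVendor.com:symc_volume_for_backups
Number of Keys : 1
Has Active Key : Yes
Creation Time : Tues Jan 01 01:00:00 2013
Key Tag : 532cf41cc8b3513a13c1c26b5128731e5ca0b9b01e0689cc38ac2b7596bbae3c
Key Name : Encrypt_Key_April
Current State : Active
Creation Time : Tues Jan 01 01:02:00 2013
"""

FIELD = re.compile(r"^\s*([A-Za-z ]+?)\s*:\s*(.*?)\s*$")  # label ends at the first colon

def parse_listkeys(text):
    # Fields belong to the current key group until a Key Tag opens a key record.
    groups, target = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # command echo or blank line
        label, value = m.groups()
        if label == "Key Group Name":
            target = {label: value, "keys": []}
            groups.append(target)
        elif label == "Key Tag" and groups:
            target = {label: value}
            groups[-1]["keys"].append(target)
        elif target is not None:
            target[label] = value
    return groups

def audit(groups):
    # Return reasons the parsed record would be unreliable for key recovery.
    problems = []
    for g in groups:
        name = g["Key Group Name"]
        if g.get("Has Active Key") != "Yes":
            problems.append(f"{name}: no active key")
        if g.get("Number of Keys") != str(len(g["keys"])):
            problems.append(f"{name}: key count mismatch, output may be truncated")
        for k in g["keys"]:
            # Assumption: a key tag is 64 hex characters, as in the page's example.
            if not re.fullmatch(r"[0-9a-f]{64}", k["Key Tag"]):
                problems.append(f"{name}: malformed key tag for {k.get('Key Name')}")
    return problems

if __name__ == "__main__":
    print(parse_listkeys(SAMPLE), audit(parse_listkeys(SAMPLE)))
```

Because labels such as Creation Time appear for both the key group and each key, the parser assigns a field to the most recently opened record rather than keying on the label alone.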
You can also use the nbkmscmd command to list the keys from the NetBackup KMS and from an external KMS server. For an external KMS server, ensure that a symmetric encryption key already exists in the server with a custom attribute whose value is the key group in the 'storage_server_name:volume_name' format.
To display the key information for NetBackup KMS and external KMS
- Run the following command to retrieve the KMS server configuration names.
nbkmscmd -listkmsconfig
- Run the following command to retrieve key information for a key group from the KMS server.
nbkmscmd -listkeys -name KMS_server_name -keyGroupName key_group_name -jsonRaw