Saving a record of the KMS key names for NetBackup cloud storage encryption
Veritas recommends that you save a record of the encryption key names and tags. The key tag is necessary if you need to recover or recreate the keys.
See About data encryption for cloud storage.
To save a record of the key names
- To determine the key group names, use the following command on the master server:
UNIX: /usr/openv/netbackup/bin/admincmd/nbkmsutil -listkgs
Windows: install_path\Program Files\Veritas\NetBackup\bin\admincmd\nbkmsutil.exe -listkgs
The following is example output:
Key Group Name : CloudVendor.com:symc_backups_gold Supported Cypher : AES_256 Number of Keys : 1 Has Active Key : Yes Creation Time : Tues Oct 01 01:00:00 2013 Last Modification Time: Tues Oct 01 01:00:00 2013 Description : CloudVendor.com:symc_backups_gold
- For each key group, write all of the keys that belong to the group to a file. Run the command on the master server. The following is the command syntax:
UNIX: /usr/openv/netbackup/bin/admincmd/nbkmsutil -listkeys -kgname key_group_name > filename.txt
Windows: install_path\Program Files\Veritas\NetBackup\bin\admincmd\nbkmsutil.exe -listkeys -kgname key_group_name > filename.txt
The following is example output:
nbkmsutil.exe -listkeys -kgname CloudVendor.com:symc_backups_gold > encrypt_keys_CloudVendor.com_symc_backups_gold.txt
Key Group Name : CloudVendor.com:symc_backups_gold Supported Cypher : AES_256 Number of Keys : 1 Has Active Key : Yes Creation Time : Tues Jan 01 01:00:00 2013 Last Modification Time: Tues Jan 01 01:00:00 2013 Description : Key group to protect cloud volume FIPS Approved Key : Yes Key Tag : 532cf41cc8b3513a13c1c26b5128731e 5ca0b9b01e0689cc38ac2b7596bbae3c Key Name : Encrypt_Key_April Current State : Active Creation Time : Tues Jan 01 01:02:00 2013 Last Modification Time: Tues Jan 01 01:02:00 2013 Description : - Number of Keys: 1 - Include in the file the pass phrase that you used to create the key record.
- Store the file in a secure location.