Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. Veritas NetBackup™ AdvancedDisk Storage Solutions Guide
  5. Configuring AdvancedDisk
  7. Configuring key management for NetBackup AdvancedDisk storage encryption
  9. Saving a record of the KMS key names for NetBackup AdvancedDisk storage encryption
Veritas NetBackup™ AdvancedDisk Storage Solutions Guide

Saving a record of the KMS key names for NetBackup AdvancedDisk storage encryption

Veritas recommends that you save a record of the encryption key names and tags. The key tag is necessary if you need to recover or recreate the keys.

See Configuring key management for NetBackup AdvancedDisk storage encryption.

To save a record of the key names

  1. To determine the key group names, use the following command on the master server:

    UNIX: /usr/openv/netbackup/bin/admincmd/nbkmsutil -listkgs

    Windows: install_path\Program Files\Veritas\NetBackup\bin\admincmd\nbkmsutil.exe -listkgs

    The following is example output:

    Key Group Name        : UX_Host.example.com:backups
Supported Cipher      : AES_256
Number of Keys        : 1
Has Active Key        : Yes
Creation Time         : Tues Oct 01 01:00:00 2013
Last Modification Time: Tues Oct 01 01:00:00 2013
Description           : -
FIPS Approved Key     : Yes
    Key Group Name        : Win_Host.example.com:
Supported Cipher      : AES_256
Number of Keys        : 1
Has Active Key        : Yes
Creation Time         : Tues Oct 01 01:05:00 2013
Last Modification Time: Tues Oct 01 01:05:00 2013
Description           : -
FIPS Approved Key     : Yes
  2. For each key group, write all of the keys that belong to the group to a file. Run the command on the master server. The following is the command syntax:

    UNIX: /usr/openv/netbackup/bin/admincmd/nbkmsutil -listkeys -kgname key_group_name > filename.txt

    Windows: install_path\Program Files\Veritas\NetBackup\bin\admincmd\nbkmsutil.exe -listkeys -kgname key_group_name > filename.txt

    The following is example output:

    nbkmsutil.exe -listkeys -kgname UX_Host.example.com:backups > encrypt_keys_UX_Host.example.com_backups.txt

    Key Group Name        : UX_Host.example.com:backups
Supported Cipher      : AES_256
Number of Keys        : 1
Has Active Key        : Yes
Creation Time         : Tues Oct 01 01:00:00 2013
Last Modification Time: Tues Oct 01 01:00:00 2013
Description           : -
FIPS Approved Key     : Yes

  Key Tag               : 867d710aa7f4c64dcdd2cec6...cce
                          d0c831c1812c510acd05
  Key Name              : AdvDisk_Key
  Current State         : ACTIVE
  Creation Time         : Tues Oct 01 01:05:00 2013
  Last Modification Time: Tues Oct 01 01:05:00 2013
  Description           : -
  FIPS Approved Key    : Yes

Number of Keys: 1
  3. Include in the file the pass phrase that you used to create the key record.
  4. Store the file in a secure location.

Feedback

Was this page helpful?
Previous

Creating a KMS key for NetBackup AdvancedDisk storage encryption

Next

Configuring an AdvancedDisk storage server

Feedback

Was this page helpful?