Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. Veritas NetBackup™ Cloud Administrator's Guide
  5. Configuring cloud storage in NetBackup
  7. Saving a record of the KMS key names for NetBackup cloud storage encryption
Veritas NetBackup™ Cloud Administrator's Guide

Saving a record of the KMS key names for NetBackup cloud storage encryption

It is recommended that you save a record of the encryption key names and tags. The key tag is necessary if you need to recover or recreate the keys.

Saving a record of the NetBackup KMS server key names

Use the following procedure to save a record of the key names if NetBackup KMS server is configured when you enable the encryption setting during storage server configuration for cloud storage.

See About data encryption for cloud storage.

To save a record of the key names

  1. To determine the key group names, use the following command on the master server:

    UNIX: /usr/openv/netbackup/bin/admincmd/nbkmsutil -listkgs

    Windows: install_path\Program Files\Veritas\NetBackup\bin\admincmd\nbkmsutil.exe -listkgs

    The following is example output:

    Key Group Name        : CloudVendor.com:symc_backups_gold
Supported Cypher      : AES_256
Number of Keys        : 1
Has Active Key        : Yes
Creation Time         : Tues Oct 01 01:00:00 2013
Last Modification Time: Tues Oct 01 01:00:00 2013
Description           : CloudVendor.com:symc_backups_gold
  2. For each key group, write all of the keys that belong to the group to a file. Run the command on the master server. The following is the command syntax:

    UNIX: /usr/openv/netbackup/bin/admincmd/nbkmsutil -listkeys -kgname key_group_name > filename.txt

    Windows: install_path\Program Files\Veritas\NetBackup\bin\admincmd\nbkmsutil.exe -listkeys -kgname key_group_name > filename.txt

    The following is example output:

    nbkmsutil.exe -listkeys -kgname CloudVendor.com:symc_backups_gold > encrypt_keys_CloudVendor.com_symc_backups_gold.txt 

    Key Group Name        : CloudVendor.com:symc_backups_gold
Supported Cypher      : AES_256
Number of Keys        : 1
Has Active Key        : Yes
Creation Time         : Tues Jan 01 01:00:00 2013
Last Modification Time: Tues Jan 01 01:00:00 2013
Description           : Key group to protect cloud volume
FIPS Approved Key     : Yes

 Key Tag               : 532cf41cc8b3513a13c1c26b5128731e
                          5ca0b9b01e0689cc38ac2b7596bbae3c
 Key Name              : Encrypt_Key_April
 Current State         : Active
 Creation Time         : Tues Jan 01 01:02:00 2013
 Last Modification Time: Tues Jan 01 01:02:00 2013
 Description           : -
						
Number of Keys: 1
  3. Include in the file the pass phrase that you used to create the key record.
  4. Store the file in a secure location.
Saving a record of an external KMS server key names

Refer to your KMS server documentation for key recovery steps.

Feedback

Was this page helpful?
Previous

Configuring a disk pool for cloud storage

Next

Adding backup media servers to your cloud environment

Feedback

Was this page helpful?