Step 5. Configure Data Encryption
At the Encryption step of the wizard, you can enable data encryption:
- Click the Enable backup file encryption link.
- Choose whether you want to use a password or KMS key for encryption. For more information on how encryption works, see the Backup Repository Encryption section in the Veeam Backup for AWS User Guide.
- To use KMS keys for encryption, select Perform AWS encryption with the following KMS key and choose the necessary KMS key from the drop-down list. For a key to be displayed in the list of available encryption keys, it must be created as described in AWS Documentation.
After the repository is created, you will be able to change the KMS key only in the Web UI of the Veeam Backup for AWS appliance. For more information, see the Editing Backup Repository Settings section in the Veeam Backup for AWS User Guide.
Mind the following:
- To use a password for encryption, select Perform Veeam encryption with the following password. From the drop-down list, select a password that you want to use.
If you have not added the password beforehand, click the Manage passwords link or the Add button to add a password. For more information on adding passwords, see the Creating Passwords section in the Veeam Backup & Replication User Guide.
If you change the encryption method, you will need to go through the edit wizard of the repository or appliance right after you change the encryption method. For more information, see the Editing Settings of External Repository or Editing Appliance Settings sections.