Step 5. Configure Data Encryption

In this article

    At the Encryption step of the wizard, you can enable data encryption:

    1. Click the Enable backup file encryption link.
    2. Choose whether you want to use a password or KMS key for encryption. For more information on how encryption works, see the Backup Repository Encryption section in the Veeam Backup for AWS User Guide.
    • To use KMS keys for encryption, select Perform AWS encryption with the following KMS key and choose the necessary KMS key from the drop-down list. For a key to be displayed in the list of available encryption keys, it must be created as described in AWS Documentation.

    After the repository is created, you will be able to change the KMS key only in the Web UI of the Veeam Backup for AWS appliance. For more information, see the Editing Backup Repository Settings section in the Veeam Backup for AWS User Guide.

    Important

    Mind the following:

    • Only symmetric KMS keys are supported.
    • Do not disable KMS keys used to encrypt repositories, otherwise the Veeam Backup for AWS appliance will not be able to encrypt data, and backup policies that use encrypted repositories for storing backups will fail.
    • Do not delete KMS keys used to encrypt repositories, otherwise the Veeam Backup for AWS appliance will not be able to decrypt data stored in these repositories.
    • To use a password for encryption, select Perform Veeam encryption with the following password. From the drop-down list, select a password that you want to use.

    If you have not added the password beforehand, click the Manage passwords link or the Add button to add a password. For more information on adding passwords, see the Creating Passwords section in the Veeam Backup & Replication User Guide.

    Note

    If you change the encryption method, you will need to go through the edit wizard of the repository or appliance right after you change the encryption method. For more information, see the Editing Settings of External Repository or Editing Appliance Settings sections.

    Step 5. Configure Data Encryption