Active Enterprise Manager keys are the keys that are currently used in the encryption process:
- Public Enterprise Manager key encrypts storage keys on Veeam backup servers connected to Veeam Backup Enterprise Manager.
- Private Enterprise Manager key decrypts storage keys in case a password for encrypted backup or tape is lost.
After you create a new keyset, you need to activate it. As a result of activation, Veeam Backup Enterprise Manager performs the following actions:
- Public Enterprise Manager key is propagated to all Veeam backup servers connected to Veeam Backup Enterprise Manager.
- Private Enterprise Manager key remains on Veeam Backup Enterprise Manager and marked as active.
You can activate a keyset manually - for that, do the following:
- In Veeam Backup Enterprise Manager, go to the Configuration > Key Management section.
- Select an inactive keyset in the list.
- Click Activate on the right of the list.
Note that manual activation can be performed for any keyset in the list (generated manually or automatically).
If you want your automatically generated keysets to be activated automatically upon creation, then you should configure the retention policy settings, as described in the next section.
Consider that manually generated keysets will require manual activation, anyway.