Managing Encryption Keys

In this article

    Veeam Backup Enterprise Manager provides you with an alternative way for data encryption. It lets you decrypt the data in case you have lost or forgotten the password used for data encryption. For more information on the concept, terms and procedures of data encryption, see the Data Encryption section of the Veeam Backup & Replication User Guide.

    For encryption, Veeam Backup Enterprise Manager uses an Enterprise Manager keyset — a pair of matching keys:

    • Public Enterprise Manager key encrypts storage keys on backup servers connected to Veeam Backup Enterprise Manager.
    • Private Enterprise Manager key decrypts storage keys in case a password for encrypted backup or tape is lost.

    To let Veeam Backup & Replication encrypt and decrypt data with Enterprise Manager keys, make sure Enterprise Manager keys are enabled in Veeam Backup Enterprise Manager.

    To enable Enterprise Manager keys, do the following:

    1. In Veeam Backup Enterprise Manager, open the Settings section of the Configuration view.
    2. On the Key Management tab, select the Enable encryption password loss protection check box.
    3. To save the changes, click Save.

    During Veeam Backup Enterprise Manager installation, the setup automatically generates an Enterprise Manager keyset. You can perform the following operations with Enterprise Manager keysets using Enterprise Manager: