Key Management System Keys
Starting from Veeam Backup & Replication 12.1 (build 22.214.171.1241), you can encrypt backup files with Key Management System (KMS) keys based on an asymmetric key encryption algorithm. These keys are managed and rotated by an external KMS server. This mechanism provides a more secure environment than password-based keys, which use a symmetric key encryption algorithm and are managed manually by the administrator.
You can use KMS keys to encrypt backup files on the following encryption levels:
- Job-level encryption:
  - Backup and backup copy jobs
  - Veeam Agent backup jobs managed by Veeam Backup & Replication
  - File backup jobs and object storage backup jobs
  - Transaction log backup and backup copy jobs
  - VeeamZIP jobs
For more information about job-level encryption, see Storage Settings.
If you use Veeam Cloud Connect repositories as a target backup storage, you can also use KMS keys for the following jobs:
- Storage-level encryption:
  - Backup repositories that store backup files created by:
    - Veeam Backup for Nutanix AHV
    - Veeam Backup for RHV
    - Veeam Backup for Kasten K10

    For more information about storage-level encryption for Veeam Backup & Replication additional solutions, see Managing Permissions of Backup Repositories.
  - Capacity tier repositories. For more information about storage-level encryption for capacity tier repositories, see Encryption for Capacity Tier.
  - Media pools and GFS media pools. For more information about storage-level encryption for tape devices, see Tape Encryption.
  - External repositories (decryption only).
The following jobs and repositories do not support data encryption with KMS keys: