Creating Encrypted Configuration Backups
Veeam Backup & Replication requires that you encrypt the configuration backup if you have created at least one password in the Password Manager on the backup server.
When you encrypt jobs or tapes with passwords, Veeam Backup & Replication creates a set of keys that are employed in the encryption process. Some encryption keys, for example, storage keys and metakeys, are stored in the configuration database. If a configuration backup was non-encrypted, data from it could be freely restored on any backup server. Encryption keys saved to the configuration database and the content of encrypted files might become accessible for unintended audience.
If the Password Manager contains at least one password, and you do not enable encryption for the configuration backup, Veeam Backup & Replication disables configuration backup. To enable the configuration backup, you must enable encryption in the configuration backup job settings.
After you enable the encryption option, Veeam Backup & Replication will create encrypted configuration backups. Beside encryption keys, the created backups capture credential records specified in the Credentials Manager. When you restore data from such backup, you will not have to enter passwords for credentials records again (unless the passwords for credentials records have changed by the time of restore).
To encrypt the configuration backup:
- From the main menu, select Configuration Backup.
- Select the Enable backup file encryption check box.
- From the Password field, select a password you want to use for encryption. If you have not created a password beforehand, click Add or use the Manage passwords link to specify a new password. For more information, see Managing Passwords for Data Encryption.