Key Management System Keys
You can use Key Management System (KMS) keys for data encryption instead of secret keys based on a password. KMS keys are based on an asymmetric key encryption algorithm. They are managed and rotated by an external KMS server and provide a higher level of security.
You can use KMS keys to encrypt backup files on the following encryption levels:
- Job-level encryption:
- Backup and backup copy jobs
- Veeam Agent backup jobs managed by Veeam Backup & Replication
- File backup jobs and object storage backup jobs
- Transaction log backup and backup copy jobs
- VeeamZIP jobs
For more information about job-level encryption, see Job Encryption.
Note |
If you use Veeam Cloud Connect repositories as a target backup storage, you can also use KMS keys for the following jobs:
|
- Storage-level encryption:
- Backup repositories that store backup files created by:
- Veeam Backup for Nutanix AHV
- Veeam Backup for OLVM and RHV
- Veeam Kasten for Kubernetes
For more information about storage-level encryption for Veeam Backup & Replication additional solutions, see Encrypting Standalone Application Backups in Backup Repositories.
- Capacity tier repositories. For more information about storage-level encryption for capacity tier repositories, see Encryption for Capacity Tier.
- Media pools and GFS media pools. For more information about storage-level encryption for tape devices, see Tape Encryption.
- External repositories (decryption only).
Important |
The following jobs and repositories do not support data encryption with KMS keys:
|
In This Section