Key Management System Keys
You can use Key Management System (KMS) keys for data encryption instead of user keys. KMS keys are based on an asymmetric key encryption algorithm. They are managed and rotated by an external KMS server and provide a higher level of security.
You can use KMS keys to encrypt backup files on the following encryption levels:
- Job-level encryption:
- Backup and backup copy jobs
- Veeam Agent backup jobs managed by Veeam Backup & Replication
- File backup jobs and object storage backup jobs
- Transaction log backup and backup copy jobs
- VeeamZIP jobs
For more information about job-level encryption, see Storage Settings.
Note |
If you use Veeam Cloud Connect repositories as a target backup storage, you can also use KMS keys for the following jobs:
|
- Storage-level encryption:
- Backup repositories that store backup files created by:
- Veeam Backup for Nutanix AHV
- Veeam Backup for OLVM and RHV
- Veeam Kasten for Kubernetes
For more information about storage-level encryption for Veeam Backup & Replication additional solutions, see Managing Permissions of Backup Repositories.
- Capacity tier repositories. For more information about storage-level encryption for capacity tier repositories, see Encryption for Capacity Tier.
- Media pools and GFS media pools. For more information about storage-level encryption for tape devices, see Tape Encryption.
- External repositories (decryption only).
Important |
The following jobs and repositories do not support data encryption with KMS keys:
|
In This Section