Step 6. Enable Data Encryption
At the Encryption step of the wizard, choose whether you want to encrypt backups stored in the created repository.
After you create a repository with encryption enabled, you can no longer disable encryption for this repository. However, you will be able to change encryption settings as described in section Editing Backup Repositories.
If you select the Enable backup file encryption check box, also choose whether you want to use a password or an Azure Key Vault cryptographic key to encrypt the backed-up data:
- To encrypt data using a cryptographic key, select the Perform Azure encryption with the following key option and do the following:
- From the Subscription drop-down list, select an Azure subscription to which the Key Vault belongs.
For a subscription to be displayed in the list of available subscriptions, it must be created in Microsoft Azure and associated with the Azure AD tenant to which the service account specified at step 4 of the wizard belongs.
- From the Key vault drop-down list, select the Azure Key Vault where the encryption key is stored.
For an Azure Key Vault to be displayed in the list of available vaults, it must be created in Microsoft Azure as described in Microsoft Docs.
To list Azure Key Vaults and cryptographic keys and further to decrypt backups stored in the repository, Veeam Backup & Replication uses permissions of the service account specified at step 4 of the wizard. For more information on the required permissions, see Permissions.
- From the Encryption key drop-down list, select the necessary cryptographic key.
For a cryptographic key to be displayed in the list of available encryption keys, it must be created in Microsoft Azure as described in Microsoft Docs.
- To encrypt data using a password, select the Perform Veeam encryption with the following password option and choose the necessary password from the drop-down list.
For a password to be displayed in the list of available passwords, it must be added to the Veeam Backup & Replication as described in the Veeam Backup & Replication User Guide, section Creating Passwords.
If you have not added the necessary password beforehand, you can do it without closing the wizard. To add the password, click either the Manage passwords link or the Add button, and specify a hint and the password in the Password window.
If you want to use an Azure Key Vault cryptographic key for encryption at the repository level, consider the following: