Step 5. Configure Encryption
At the Encryption step of the wizard, you can enable data encryption:
- Select the Enable backup file encryption check box.
- If you want to use a Key Vault key for encryption, select Perform Azure encryption with the following key and do the following:
- From the Subscription drop-down list, select a Microsoft Azure subscription where the Key Vault is created. The drop-down list shows subscriptions from the tenant in which the selected storage account is located.
For a subscription to be displayed in the Subscription drop-down list, it must be created in advance and associated to the Azure account as described in Microsoft Docs.
- From the Key vault drop-down list, select Azure Key Vault where the encryption key is stored.
To get Key Vaults and Key Vault keys, Microsoft Azure Plug-in for Veeam Backup & Replication uses a service account that is added to the appliance and that has access to the tenant in which the selected storage account is located. This service account must have access to Key Vaults and keys. The permissions are listed in Required Permissions.
- From the Encryption key drop-down list, select the key you want to use. Veeam Backup for Microsoft Azure will use the current key version.
Do not disable Key Vault keys used for encryption, otherwise the Veeam Backup for Microsoft Azure appliance will not be able to encrypt data, and backup policies that use encrypted repositories for storing backups will fail.
Do not delete Key Vault keys used for encryption, otherwise the Veeam Backup for Microsoft Azure appliance will not be able to decrypt data stored in these repositories.
- If you want to use a password for encryption, select Perform Veeam encryption with the following password. From the Use the following encryption password drop-down list, select a password that you want to use.
If you have not added the password beforehand, click the Manage passwords link or the Add button to add a password. For more information on adding passwords, see the Creating Passwords section in the Veeam Backup & Replication User Guide.
If you change the encryption method, you will need to go through the edit wizard of the repository or appliance right after you change the encryption method. For more information, see the Editing Settings of External Repository or Editing Appliance Settings sections.