Decrypting Backups

Veeam Backup & Replication automatically decrypts backup files stored in repositories either using passwords that you specify when adding these repositories to the backup infrastructure or using Azure Key Vault cryptographic keys automatically detected by Veeam Backup & Replication. If you do not specify decryption passwords or Veeam Backup & Replication does not have permissions to access cryptographic keys, the backup files remain encrypted.

  • To decrypt backup files encrypted using a cryptographic key, make sure that the service account specified when creating a new repository or adding an existing repository to the backup infrastructure is assigned permissions required to access Azure Key Vault cryptographic keys. For more information on the required permissions, see Permissions.
  • To decrypt backup files encrypted using a password, do the following:
  1. In the Veeam Backup & Replication console, open the Home view.
  2. Navigate to Backups > External Repository (Encrypted).
  3. Expand the backup policy that protects an Azure VM whose image-level backups you want to decrypt, select the backup chain that belongs to the VM and click Specify Password on the ribbon.

Alternatively, you can right-click the necessary backup chain and select Specify password.


To decrypt all backups created by a backup policy, right-click the policy and select Specify Password.

  1. In the Specify Password window, enter a password that was used to encrypt the data stored in the target repository.

Backup decryption

Related Topics