Encryption Key management via built in Commvault

Question

Hello All,

We are working on encrypting all of our jobs (backups) via software encryption on the policies. While setting it up I was curious on how the option “No Access” works. Would we be given the option to store the decryption key somewhere else or is it all stored in Commvault regardless? If it is stored in Commvault how do we get to the key to save it for later decryption use. I know “Via Media Password” has it stored in the library and now I wonder if it is possible to get to that decryption key as well.

Thank you all for the help! (Sorry if I didn’t make it clear, I will try to clarify if there is any confusion)

icon

Best answer by Jos Meijer 23 April 2022, 12:46

View original

Jos Meijer · Accepted Answer

No access results in not writing the access key tot the media, the commserve database is needed to access the encrypted data. With the commserve internal kms system the decryption key remains hashed in the commserve database. There is no way to get this except with help of support/dev. So in order to ensure recoverability later on, regularly save a DR backup to a location which is safe and within your reach.

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded