We want to use encryption for our backup to ensure that our backup data is secure, and when we restore the backup, the decryption key must be required.
Page 1 / 1
To enforce restore-level access on encrypted backups, enable Passkey for Restore — a feature that requires a password even if encryption is already in place.
Quick setup:
-
Enable Passkey
-
Go to CommCell Console > Client > Properties > Security
-
Set a strong passkey under Passkey for Restore
-
Store it securely (e.g., password manager)
-
-
Verify Encryption
-
Check Storage Policy > Copy Properties > Advanced
-
Ensure Encrypt Data is selected (AES-256 recommended)
-
-
Understand Key Dependency
-
Commvault auto-generates encryption keys (DEK → KEK → Master Key)
-
Restore requires the passkey to decrypt data — without it, recovery isn't possible
-
-
Test and Audit
-
Regularly test restores using the passkey
-
Monitor encryption activity and key rotations via audit logs
-
Reply
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.