Currently our client is using the built-in KMS server which stores encryption keys in the Commvault Database. As far as I can find, there is no way to extract these keys.
We are looking to transition to Azure Key Vault for storing these keys. It is very easy to change the KMS server, but in theory this would leave us unable to access the previous backups as we technically do not have access to those keys for decryption.
I have searched this extensively and there is no documentation for this (confirmed via Commvault support phone call). What is the proper process for changing the KMS server on a backup location, particularly the built-in KMS server over to a third-party, without losing access to backups?
I did find 1 forum post stating this “just works”, but I need to provide some kind of concrete answer for my higher-ups to be happy.
Thank you in advance!
Best answer by Emils