Using nbkmsutil command to export/import KMS encryption keys

Article: 100053622
Last Published: 2022-08-18
Ratings: 2 1
Product(s): NetBackup

Description

How to export and import KMS encryption keys

 

Export:

Windows:
..\netbackup\bin\admincmd\nbkmsutil -export -path <secure_file_container>

Linux:
/usr/openv/netbackup/bin/admincmd/nbkmsutil -export -path <secure_file_container>

Where <secure_file_container> is the absolute path (including a file name) to where the keys will be exported to.

 

Example:
..\netbackup\bin\admincmd\nbkmsutil -export -path D:\Veritas\Keys.export

NOTE:  By default the entire key store will be exported.  It is possible to export only specific keygroups/keyname pairs.  See link below.
Keys are always exported along with their key group.
The key container is pass phrase protected.

More detailed information can be found here:
https://www.veritas.com/support/en_US/doc/21733320-146139160-0/v102696096-146139160


Import:

Copy the <secure_file_container> to the destination master server and run the following command:

Windows:
..\netbackup\bin\admincmd\nbkmsutil -import -path <secure_file_container>

Linux:
/usr/openv/netbackup/bin/admincmd/nbkmsutil -import -path <secure_file_container>

Where <secure_file_container> is the absolute path (including a file name) to where the export file resides on the destination machine.

Example:
..\netbackup\bin\admincmd\nbkmsutil -import -path C:\Temp\Keys.export

NOTE:  To preview the results of the import without actually making any modifications to the KMS database, use the -preview switch in the command.
You can choose to preserve the keygroup name with the -preserve_kgname switch.  If a keygroup with the same name already exists the import will fail.
Duplicate keys such as keys with the same keytag or the same key are not imported.
The import does not support key group merging.

More detailed information can be found here:
https://www.veritas.com/support/en_US/doc/21733320-146139160-0/v102696099-146139160

 

Was this content helpful?