NetBackup Key Management Service (KMS) command line examples

Published 20 Nov 2014 Read time 1 min 4 sec(s) (3315 views). NetBackup

The nbkms service is a master-server-based service that provides encryption keys to the media server BPTM processes. (KMS will also work with Advanced Disk and Cloud backups)

KMS works with encryption capable tape drives. KMS is integrated into NetBackup in such a way so as to eliminate difficulties in using NetBackup from a system management perspective.

This document provides a brief listing of various command line examples:

To install KMS
```
nbkms -createemptydb
```

Create the key group

nbkmsutil -creatkg -kgname ENCR_volumepoolname

Create a key record

nbkmsutil -createkey -kgname ENCR_volumepool \
    -keyname keyname -activate -desc "message"

To list all of the keys
```
nbkmsutil -listkeys -kgname keyname
```

Modify key attributes

nbkmsutil -modifykey -keyname <key_name> \
    -kgname <key_group_name> \
    [ -state <new_state> ] [ -activate ] \
    [ -name <new_name_for_the_key> ] [ -desc <new_description> ]

Get details of key groups

nbkmsutil -listkgs \
    [ -kgname <key_group_name> ] [ -cipher <type> ] \
    [ -emptykgs ] [ -noactive ] [ -noverbose ]

Get details of keys

nbkmsutil -listkeys -kgname <key_group_name> \
    [ -keyname <key_name> ] [ -activekey ] [ -noverbose ]

Delete a key group

nbkmsutil -deletekg -kgname <key_group_name>

Delete a key

nbkmsutil -deletekey -keyname <key_name> \
    -kgname <key_group_name>

Options for quiescing

nbkmsutil -quiescedb
nbkmsutil -unquiescedb