NetBackup Key Management Service (KMS) command line examples

The nbkms service is a master-server-based service that provides encryption keys to the media server BPTM processes. (KMS will also work with Advanced Disk and Cloud backups)

KMS works with encryption capable tape drives. KMS is integrated into NetBackup in such a way so as to eliminate difficulties in using NetBackup from a system management perspective.

This document provides a brief listing of various command line examples:

  • To install KMS
    nbkms -createemptydb
  • Create the key group
    nbkmsutil -creatkg -kgname ENCR_volumepoolname
  • Create a key record
    nbkmsutil -createkey -kgname ENCR_volumepool \
        -keyname keyname -activate -desc "message"
  • To list all of the keys
    nbkmsutil -listkeys -kgname keyname
  • Modify key attributes
    nbkmsutil -modifykey -keyname <key_name> \
        -kgname <key_group_name> \
        [ -state <new_state> ] [ -activate ] \
        [ -name <new_name_for_the_key> ] [ -desc <new_description> ]
  • Get details of key groups
    nbkmsutil -listkgs \
        [ -kgname <key_group_name> ] [ -cipher <type> ] \
        [ -emptykgs ] [ -noactive ] [ -noverbose ]
  • Get details of keys
    nbkmsutil -listkeys -kgname <key_group_name> \
        [ -keyname <key_name> ] [ -activekey ] [ -noverbose ]
  • Delete a key group
    nbkmsutil -deletekg -kgname <key_group_name>
  • Delete a key
    nbkmsutil -deletekey -keyname <key_name> \
        -kgname <key_group_name>
  • Options for quiescing
    nbkmsutil -quiescedb
    nbkmsutil -unquiescedb