NetBackup Key Management Service (KMS) command line examples
The nbkms service is a master-server-based service that provides encryption keys to the media server BPTM processes. (KMS will also work with Advanced Disk and Cloud backups)
KMS works with encryption capable tape drives. KMS is integrated into NetBackup in such a way so as to eliminate difficulties in using NetBackup from a system management perspective.
This document provides a brief listing of various command line examples:
- To install KMS
nbkms -createemptydb
- Create the key group
nbkmsutil -creatkg -kgname ENCR_volumepoolname
- Create a key record
nbkmsutil -createkey -kgname ENCR_volumepool \ -keyname keyname -activate -desc "message"
- To list all of the keys
nbkmsutil -listkeys -kgname keyname
- Modify key attributes
nbkmsutil -modifykey -keyname <key_name> \ -kgname <key_group_name> \ [ -state <new_state> ] [ -activate ] \ [ -name <new_name_for_the_key> ] [ -desc <new_description> ]
- Get details of key groups
nbkmsutil -listkgs \ [ -kgname <key_group_name> ] [ -cipher <type> ] \ [ -emptykgs ] [ -noactive ] [ -noverbose ]
- Get details of keys
nbkmsutil -listkeys -kgname <key_group_name> \ [ -keyname <key_name> ] [ -activekey ] [ -noverbose ]
- Delete a key group
nbkmsutil -deletekg -kgname <key_group_name>
- Delete a key
nbkmsutil -deletekey -keyname <key_name> \ -kgname <key_group_name>
- Options for quiescing
nbkmsutil -quiescedb nbkmsutil -unquiescedb