Veeam Backup and Replication offers the ability to encrypt your backups using passwords, which function as a kind of envelope encryption key for the encryption keys protecting the actual data. Veeam works hard to protect these passwords from exposure, to the degree that Veeam support cannot recover your passwords. You can ensure the resiliency of these keys either with a password-encrypted backup of your Veeam configuration or by using Veeam Backup Enterprise Manager, which can protect and recover these passwords using an asymmetric key pair managed by Enterprise Manager. However, neither of these offerings allows integration with an external key manager for key storage and lifecycle. As a result, you must implement automation if you want to achieve Veeam backup encryption without your administrators and operators having direct knowledge of your encryption passwords. Veeam provides a set of PowerShell encryption cmdlets for this purpose.

In this article, I will demonstrate how you can use IBM Cloud Key Protect or IBM Cloud Hyper Protect Crypto Services (HPCS) to create and manage your Veeam encryption passwords.

Our first step is to use an IBM Cloud service ID API key to authenticate with IBM Cloud IAM and obtain a limited-time token that we will provide as our authorization for Key Protect or HPCS APIs. For this purpose we will use IBM Cloud’s recently released private endpoint for the IAM token service, which allows us to avoid connection to the public internet provided we have enabled VRF and service endpoints in our account.

```powershell
$tokenResponse = Invoke-RestMethod -Uri $tokenURI -Method POST -Body $body -Headers $headers
# Bearer token is now present in $tokenResponse.access_token
```

This token will be used in each of the following use cases.

In order to generate a new password for use with Veeam, we will use this token to call the Key Protect or HPCS API to generate an AES256 key and “wrap” (that is, encrypt) it with a root key. The service ID associated with our API key above needs Reader access to the Key Protect or HPCS instance to perform this operation. The following example uses the Key Protect private API endpoint; if you are using HPCS, you will have a private API endpoint specific to your instance that looks something like.
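The token request and key-wrap call described in this article can be sketched end to end as follows. This is an added example, not the article's original code. It assumes the API key is in an `IBMCLOUD_API_KEY` environment variable, the `us-south` region, placeholder instance and root key IDs, the private IAM and Key Protect hostnames shown, a session on the backup server with the Veeam cmdlets loaded, and a made-up description label.

```powershell
# Added example; every value in angle brackets is a placeholder, not a value from the article.
$ErrorActionPreference = 'Stop'
$apiKey     = $env:IBMCLOUD_API_KEY          # service ID API key (assumed to be in an env var)
$region     = 'us-south'                     # assumed Key Protect region
$instanceId = '<key-protect-instance-id>'
$rootKeyId  = '<root-key-id>'

# Step 1: exchange the API key for a limited-time IAM token over the private endpoint.
$tokenURI = 'https://private.iam.cloud.ibm.com/identity/token'
$headers  = @{ Accept = 'application/json' }
$body     = @{ grant_type = 'urn:ibm:params:oauth:grant-type:apikey'; apikey = $apiKey }
$tokenResponse = Invoke-RestMethod -Uri $tokenURI -Method POST -Body $body -Headers $headers `
    -ContentType 'application/x-www-form-urlencoded'

# Step 2: call the wrap action with an empty body. With no plaintext supplied,
# Key Protect generates a new 256-bit key and returns it both in the clear
# (plaintext) and encrypted under the root key (ciphertext).
$kmsHeaders = @{
    Authorization      = "Bearer $($tokenResponse.access_token)"
    'bluemix-instance' = $instanceId
    Accept             = 'application/vnd.ibm.kms.key_action+json'
}
$wrapURI = "https://private.$region.kms.cloud.ibm.com/api/v2/keys/$rootKeyId/actions/wrap"
$wrap = Invoke-RestMethod -Uri $wrapURI -Method POST -Headers $kmsHeaders -Body '{}' `
    -ContentType 'application/vnd.ibm.kms.key_action+json'
if (-not $wrap.plaintext -or -not $wrap.ciphertext) {
    throw 'Wrap response did not contain both plaintext and ciphertext.'
}

# Step 3: hand the generated key to Veeam as the encryption password.
# The label is an assumption of this example; it pairs the Veeam entry with the wrapped key.
$label  = "KMS-managed $(Get-Date -Format s)"
$secure = ConvertTo-SecureString -String $wrap.plaintext -AsPlainText -Force
Add-VBREncryptionKey -Password $secure -Description $label | Out-Null

# Step 4: keep only the wrapped form, which is useless without the root key,
# and drop references to the plaintext and the token from this session.
$wrappedKey = $wrap.ciphertext
$wrap.plaintext = $null
Remove-Variable wrap, secure, tokenResponse

# Emit the record to persist alongside your backup configuration.
[pscustomobject]@{ Label = $label; WrappedKey = $wrappedKey }
```

Store the emitted wrapped key wherever you keep backup metadata; recovering the password later means unwrapping it against the same root key.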