You can perform the following tasks to manage a key management server (KMS):
Note
- It is recommended that you back up the keys that the KMS generates. Do not use Commvault software to back up the keys.
- The Commvault software rotates the keys at an interval of at most 90 days.
- Certificates are deprecated. Authentication now requires App Registration with a Client Secret.
- For Microsoft 365 (M365) or any service that includes bundled storage, you must open a support case to have the Key Vault assigned.
- Additional keys can be rotated using the self-service process.
- You can change the KMS associated with a storage pool. Changing the KMS does not impact existing data, provided the change is completed successfully.
- After changing the KMS or performing key rotation, the previous key is not required for restoring older data. The Key Encryption Key (KEK) is protected using the new key.
- Re-copying or re-encrypting existing data is not required after changing the KMS or rotating keys.
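
The last three notes follow from envelope encryption: only the small wrapped KEK changes when the KMS key changes. The sketch below is an added illustration, not Commvault code; the three-layer hierarchy (KMS key, KEK, data key), the function names and the toy cipher are assumptions made so it runs on the Python standard library alone.

```python
import hashlib, hmac, secrets

def _sub(key: bytes, label: bytes) -> bytes:
    # Derive separate encryption and MAC subkeys from one key.
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    stream = b""
    for ctr in range((len(data) + 31) // 32):
        stream += hmac.new(enc_key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, plaintext: bytes) -> bytes:
    # Toy authenticated encryption (HMAC-SHA256 keystream + tag), a stdlib
    # stand-in for AES-GCM or AES key wrap. Do not use it for real data.
    nonce = secrets.token_bytes(16)
    ct = _xor(_sub(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + tag + ct

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    good = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified blob")
    return _xor(_sub(key, b"enc"), nonce, ct)

def new_pool(kms_key: bytes, data: bytes) -> dict:
    # Hypothetical storage pool record: two wrapped keys plus the bulk data.
    kek, dek = secrets.token_bytes(32), secrets.token_bytes(32)
    return {"wrapped_kek": seal(kms_key, kek),   # protected by the KMS key
            "wrapped_dek": seal(kek, dek),       # protected by the KEK
            "data": seal(dek, data)}             # bulk data, never re-encrypted

def change_kms_key(pool: dict, old_key: bytes, new_key: bytes) -> dict:
    kek = unseal(old_key, pool["wrapped_kek"])   # the old key is needed only here
    rewrapped = seal(new_key, kek)
    if unseal(new_key, rewrapped) != kek:        # verify before committing the change
        raise RuntimeError("re-wrap verification failed; keeping the old wrapping")
    return {**pool, "wrapped_kek": rewrapped}

def restore(pool: dict, kms_key: bytes) -> bytes:
    kek = unseal(kms_key, pool["wrapped_kek"])
    dek = unseal(kek, pool["wrapped_dek"])
    return unseal(dek, pool["data"])
```

Because `change_kms_key` returns a new record only after the re-wrapped KEK has been verified, a failed change leaves the original wrapping in place.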