If you are using Amazon S3 buckets with Server Side Encryption (SSE) disabled at the bucket policy level, you can optionally instruct Commvault software to write SSE-S3 or SSE-KMS encrypted objects.
Note
Reading encrypted data is transparent to Commvault software, as long as the required access to the KMS key is granted.
Procedure
- Apply the following additional settings to your MediaAgents and/or Access Nodes performing read/write activities to your Amazon S3 encrypted cloud storage.
For instructions about adding an additional setting from the CommCell Console, see Adding an Additional Setting from the CommCell Console.
| Additional Setting | Category | Type | Value |
|---|---|---|---|
|  | MediaAgent | Integer | Enter one of the following values: |
|  | MediaAgent | String | Use this key to set the KMS key ID when the value of nCloudS3ServerSideEncryption is set to 2. Create the key from the AWS console and get the KMS key ID. If this key is not set, the default AWS KMS key will be used. |
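
To confirm that objects written after applying these settings carry the encryption you configured, compare the S3 HeadObject metadata of a sample of objects against the expected mode. The Python below is an added example, not Commvault code: the function names, object keys and KMS key values are constructed, and in live use each dictionary would come from boto3's `s3.head_object(Bucket=..., Key=...)`.

```python
# S3 reports SSE-S3 objects as "AES256" and SSE-KMS objects as "aws:kms".
EXPECTED_ALGO = {"SSE-S3": "AES256", "SSE-KMS": "aws:kms"}

def key_matches(reported_arn, configured):
    """S3 returns the full key ARN; the configured value may be a bare key ID or an ARN."""
    if not reported_arn or not configured:
        return False
    if configured.startswith("arn:"):
        return reported_arn == configured
    return reported_arn.rsplit("/", 1)[-1] == configured

def check_object(head, mode, kms_key_id=None):
    """Return 'ok' or a short reason why the object does not match the expected mode."""
    algo = head.get("ServerSideEncryption")
    if algo is None:
        return "unencrypted"
    if algo != EXPECTED_ALGO[mode]:
        return f"wrong-algorithm:{algo}"
    # kms_key_id=None models "key ID not set" (default AWS KMS key): only the algorithm is checked.
    if mode == "SSE-KMS" and kms_key_id and not key_matches(head.get("SSEKMSKeyId"), kms_key_id):
        return "wrong-kms-key"
    return "ok"

def audit(heads, mode, kms_key_id=None):
    """Map object key -> reason for every object that does not match."""
    results = {k: check_object(h, mode, kms_key_id) for k, h in heads.items()}
    return {k: r for k, r in results.items() if r != "ok"}

# Constructed sample data: HeadObject fields for four hypothetical objects.
KEY_ID = "1111aaaa-22bb-33cc-44dd-555555eeeeee"
KEY_ARN = f"arn:aws:kms:us-east-1:111122223333:key/{KEY_ID}"
OTHER_ARN = "arn:aws:kms:us-east-1:111122223333:key/0000ffff-0000-0000-0000-000000000000"
SAMPLE_HEADS = {
    "chunk/0001": {"ServerSideEncryption": "aws:kms", "SSEKMSKeyId": KEY_ARN},
    "chunk/0002": {"ServerSideEncryption": "AES256"},
    "chunk/0003": {},
    "chunk/0004": {"ServerSideEncryption": "aws:kms", "SSEKMSKeyId": OTHER_ARN},
}

if __name__ == "__main__":
    for key, reason in audit(SAMPLE_HEADS, "SSE-KMS", KEY_ID).items():
        print(key, reason)
```

Objects written before the settings were applied keep whatever encryption they were stored with, so restrict the audit to objects created after the change.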