If you are using Amazon S3 buckets with Server Side Encryption (SSE) disabled at the bucket policy level, you can optionally instruct Commvault software to write SSE-S3 or SSE-KMS encrypted objects.
Note
Reading encrypted data is transparent to Commvault software, as long as the required access to the KMS key is granted.
Commvault supports dual-layer server-side encryption with AWS KMS (DSSE-KMS).
Procedure
- To the MediaAgent computer, add the additional settings as shown in the following table.
  For instructions about adding an additional setting from the CommCell Console, see Adding an Additional Setting from the CommCell Console.
| Additional Setting | Category | Type | Value |
|---|---|---|---|
| | MediaAgent | Integer | Enter one of the following values: |
| | MediaAgent | String | Use this key to set the KMS key ID when the value of nCloudS3ServerSideEncryption is set to 2. Create the key from the AWS console and get the KMS key ID. If this key is not set, the default AWS KMS key will be used. |
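
After the settings are applied, the result can be checked from the AWS side by comparing the encryption fields that S3 reports for each object with what was configured. The following is an added example, not Commvault code: it audits records shaped like S3 HeadObject responses and flags objects that are unencrypted, use a different SSE mode, or use a KMS key other than the configured one (for example, the default AWS KMS key). The object names, key IDs, account number and function names are constructed for illustration.

```python
# Added example (not Commvault code): audit S3 object metadata for the expected SSE mode.
# Each record mirrors the "ServerSideEncryption" and "SSEKMSKeyId" fields that S3
# returns from HeadObject. Object names, key IDs and the account are constructed.
SSE_S3, SSE_KMS, DSSE_KMS = "AES256", "aws:kms", "aws:kms:dsse"
KMS_MODES = (SSE_KMS, DSSE_KMS)

EXPECTED_KEY = "11111111-2222-3333-4444-555555555555"  # constructed key ID
ARN = "arn:aws:kms:us-east-1:111122223333:key/"        # constructed account and region
SAMPLE_HEADS = {
    "backup/chunk_1": {"ServerSideEncryption": SSE_KMS, "SSEKMSKeyId": ARN + EXPECTED_KEY},
    "backup/chunk_2": {"ServerSideEncryption": SSE_KMS,
                       "SSEKMSKeyId": ARN + "99999999-8888-7777-6666-555555555555"},
    "backup/chunk_3": {"ServerSideEncryption": SSE_S3},
    "backup/chunk_4": {},  # no encryption fields reported
}


def key_id_of(kms_key):
    """Return the bare key ID from either a key ID or a key ARN."""
    return kms_key.rsplit("/", 1)[-1].lower() if kms_key else None


def audit_object(name, head, expected_mode, expected_kms_key=None):
    """Return findings for one object; an empty list means it matches."""
    mode = head.get("ServerSideEncryption")
    if mode is None:
        return [f"{name}: no server-side encryption reported"]
    findings = []
    if mode != expected_mode:
        findings.append(f"{name}: encrypted with {mode}, expected {expected_mode}")
    # Only compare keys when both the expectation and the object use a KMS mode.
    if expected_kms_key and expected_mode in KMS_MODES and mode in KMS_MODES:
        actual = key_id_of(head.get("SSEKMSKeyId"))
        if actual != key_id_of(expected_kms_key):
            findings.append(f"{name}: KMS key {actual} is not the configured key")
    return findings


def audit_bucket(heads, expected_mode, expected_kms_key=None):
    """Audit every record in name order and collect all findings."""
    findings = []
    for name in sorted(heads):
        findings.extend(audit_object(name, heads[name], expected_mode, expected_kms_key))
    return findings


if __name__ == "__main__":
    for line in audit_bucket(SAMPLE_HEADS, SSE_KMS, EXPECTED_KEY):
        print(line)
```

A key mismatch alone does not show which key was used instead; confirm in AWS KMS whether the reported key is the default AWS KMS key or another customer key.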