You can perform the following tasks to manage a key management server:
Note
- You are recommended to take a backup of the keys that the key management servers generate. Do not use Commvault software to back up the keys.
- The Commvault software rotates the keys in a time frequency of maximum 90 days.
- You can change the Key Management Server (KMS) for a storage pool without impacting existing data, provided the change is successful.
- The old key is not required to restore previously encrypted data.
- Data does not need to be recopied or re-encrypted when switching to a new key.
- After key rotation, older data remains accessible because the Key Encryption Key (KEK) is automatically protected with the new key.