Using Remote Keystore

The encryption keystore provides centralized management of volume encryption passwords. This feature allows you to store and manage encryption passwords securely, simplifying the process of unlocking encrypted volumes.

See also. To learn how to configure your remote keystore, see Encryption Keystore.

Managing Encryption Passwords

Adding Passwords to Keystore

You can add encryption passwords to the Encryption Keystore in two ways:

  • During volume creation, switch on the Save key in Encryption Store toggle.

  • In the key management interface for existing volumes, if the Enable encryption toggle was on during volume creation and the volume key has not been saved in the keystore.

To add a password for an existing volume:

  1. Navigate to System > System Settings tab > Encryption Keystore pane.

  1. Click Manage keys. The Manage Keys dialog will open.

Tip. If the Manage keys button is disabled, configure your Encryption Keystore first. See Encryption Keystore.

  1. Hover over the volume for which you want to add the encryption key and click the + symbol. The Add Encryption Key dialog will open.

  1. Type the encryption key specified when creating the volume.

  2. Click Save.

Deleting Keys from Keystore

To remove a stored key:

  1. Click Manage keys in the Encryption Keystore pane.

  2. Hover over the desired volume.

  3. Click the button next to the volume name.

Tip. To delete all keys, use the Delete all keys button. You will be prompted to confirm your decision.

Copying Keys from Keystore

If you replicate an encrypted volume, accessing the data on the replica will require providing the key. Encryption Keystore allows you to retrieve the encryption key in case you need it to decrypt such a replica.

To retrieve an encryption key:

  1. Hover over the desired volume.

  2. Click the key symbol to retrieve the encryption key. The Retrieve Key confirmation dialog window will open.

  1. Type your vStor password and the verification code, then click Retrieve key.

  1. After a short while, the encryption key will be ready for retrieval. Click Copy key to copy the encryption key to clipboard, then close the dialog.

Resetting the Encryption Keystore

To reset the Encryption Keystore, use the Reset button.

You will be prompted to confirm your choice.

Use the Delete all associated keys toggle to delete all keys in the Keystore. This feature requires additional confirmation with your vStor password.

Unlocking Encrypted Volumes

To unlock a volume whose encryption key is stored in the Encryption Keystore:

  1. Select the volume from the volumes list.

  2. Select Unlock. The Volume Unlock dialog will open.

  3. Instead of specifying the volume’s encryption key, select Unlock using stored key.

If you prefer not to use the stored password, you can still unlock volumes by entering the encryption password manually.

Security Considerations

  • The Encryption Keystore must be properly configured before storing or using encryption passwords.

  • Removing a password from the keystore does not affect the volume’s encryption settings.

  • All passwords stored in the Encryption Keystore are encrypted.

Attention! Always maintain secure backups of your encryption passwords, even when using the Encryption Keystore.

PreviousUsing GuardMode ScanNextUsing Multipath Storage

Last updated