How can I automate exporting encryption keys (.pem files) from Veeam Enterprise Manager? (EM / Configuration / Key_Management / Export)
Thanks, Ned
-
ned
- Enthusiast
- Posts: 33
- Liked: 7 times
- Joined: Dec 09, 2014 9:13 pm
- Full Name: Ned Thomas
- Contact:
-
veremin
- Product Manager
- Posts: 20283
- Liked: 2257 times
- Joined: Oct 26, 2012 3:28 pm
- Full Name: Vladimir Eremin
- Contact:
Re: Export keys in Enterprise Manager
Enterprise Manager does not have PowerShell snap-in or PowerShell module. Its RESTful APIs do not allow key export. So, currently there is no way to achieve what you're after. Thanks!
-
ned
- Enthusiast
- Posts: 33
- Liked: 7 times
- Joined: Dec 09, 2014 9:13 pm
- Full Name: Ned Thomas
- Contact:
Re: Export keys in Enterprise Manager
Was this added to v10?
-
oleg.feoktistov
- Veeam Software
- Posts: 1918
- Liked: 636 times
- Joined: Sep 25, 2019 10:32 am
- Full Name: Oleg Feoktistov
- Contact:
Re: Export keys in Enterprise Manager
No changes in regards to it so far. Thanks!
-
ned
- Enthusiast
- Posts: 33
- Liked: 7 times
- Joined: Dec 09, 2014 9:13 pm
- Full Name: Ned Thomas
- Contact:
Re: Export keys in Enterprise Manager
Any update in VBR v11?
-
oleg.feoktistov
- Veeam Software
- Posts: 1918
- Liked: 636 times
- Joined: Sep 25, 2019 10:32 am
- Full Name: Oleg Feoktistov
- Contact:
Re: Export keys in Enterprise Manager
No update on this matter yet. Thanks!
-
falkob
- Veeam Vanguard
- Posts: 86
- Liked: 31 times
- Joined: Sep 28, 2017 7:47 am
- Full Name: Falko Banaszak
- Contact:
Re: Export keys in Enterprise Manager
Any plans on supporting this in the near future or next versions ? Key lifecycle management would be great if it would be achievable through PWSH or REST. Thanks !
VCP6.5-DCV, VCP6-DCV, VMCE, VMCA, Veeam Vanguard, VMware vExpert
https://www.virtualhome.blog
https://www.virtualhome.blog
-
oleg.feoktistov
- Veeam Software
- Posts: 1918
- Liked: 636 times
- Joined: Sep 25, 2019 10:32 am
- Full Name: Oleg Feoktistov
- Contact:
Re: Export keys in Enterprise Manager
Hi Falko,
We remember about it, cannot promise that it can be implemented in the near future though.
Thanks,
Oleg
We remember about it, cannot promise that it can be implemented in the near future though.
Thanks,
Oleg
-
hwextreme
- Lurker
- Posts: 1
- Liked: never
- Joined: Aug 23, 2023 8:55 am
- Full Name: Phil Burgess
- Contact:
Re: Export keys in Enterprise Manager
Hi Veeam
I do not see any references in the Rest AIP in V12 that can do this. Any plans for this to be added?
I will be raising this with our account manager as a feature request as this is required for any enterprise environment. You cannot rely on a manual process to confirm that encryption keys are safe.
Phil
I do not see any references in the Rest AIP in V12 that can do this. Any plans for this to be added?
I will be raising this with our account manager as a feature request as this is required for any enterprise environment. You cannot rely on a manual process to confirm that encryption keys are safe.
Phil
-
falkob
- Veeam Vanguard
- Posts: 86
- Liked: 31 times
- Joined: Sep 28, 2017 7:47 am
- Full Name: Falko Banaszak
- Contact:
Re: Export keys in Enterprise Manager
This i still something I would love to see in the Enterprise Manager, like I've written before, key lifecycle management is crucial to some enterprise customers. At the moment this is a complete manual task, despite the fact, that you do not get an E-Mail / Notifications / Veeam ONE Alarm as well if someone rotates the key. So in summary what I would love to see is:
- Triggering key management via PowerShell / REST
- Getting an E-Mail / Notifications / Veeam ONE Alarm or any other form of information so that Administrators know that the key has changed
This information is crucial in a DR scenario where you would need to go for challenge response or import the key again.
Personally, I did (and do) always advise at the cusomters to copy the configuration backup files to one or more locations, because configuration backup is still not HA capable. You unfortunately need to use File COpy (without a retention option as well...) to copy the configuration backup files to another location. Within the same job I always process the exported keysets from enterprise manager to have both things a.) the config backup and b.) the last used key handy in a DR scenario.
Hope this gives some more insights, as I think this is very important.
Cheers
Falko
- Triggering key management via PowerShell / REST
- Getting an E-Mail / Notifications / Veeam ONE Alarm or any other form of information so that Administrators know that the key has changed
This information is crucial in a DR scenario where you would need to go for challenge response or import the key again.
Personally, I did (and do) always advise at the cusomters to copy the configuration backup files to one or more locations, because configuration backup is still not HA capable. You unfortunately need to use File COpy (without a retention option as well...) to copy the configuration backup files to another location. Within the same job I always process the exported keysets from enterprise manager to have both things a.) the config backup and b.) the last used key handy in a DR scenario.
Hope this gives some more insights, as I think this is very important.
Cheers
Falko
VCP6.5-DCV, VCP6-DCV, VMCE, VMCA, Veeam Vanguard, VMware vExpert
https://www.virtualhome.blog
https://www.virtualhome.blog
Who is online
Users browsing this forum: No registered users and 11 guests