Veeam B&R for DR - do I have a catch 22?

[rdbastedo]

Here is the scenario I have set up:

Twin 75TB NAS systems as backup repositories, one at the production data center and the other at the DR remote site.
Veeam B&R 9.5 running on a VM at the remote site connected to primary backup repository located in the same rack.
Secondary backup repository located at the local data center where all production servers reside.
The NAS machines are synced.
There is dedicated fiber connecting the two locations.

I have enabled encryption on the configuration backup that runs daily.
We keep our configuration backup encryption password in a password management system located on a share in the production data center.
Both the configuration backup and the password management system files get backed up, all backups are replicated between the two repositories and also backed up to tape.
Tapes are sent offsite weekly.

We are covered if either the local or the remote site go offline.

However if both sites go offline and we have to recover from tape it seems we will have a problem.

If the configuration backup and the configuration backup encryption password are both located on the tapes and nowhere else will we be able to access the backups?
Wouldn't we need to import the configuration file into a new instance of Veeam B&R and then connect that to a new tape drive and load our backup tapes?

Is this a classic catch 22?
If so what's considered best practice here, how do I get to my tape backups in this scenario?
Do we need to find another location to keep our VBR configuration file and encryption password?

[Regnor]

You won't need the Veeam configuration in order to restore from tape; you'll first have to read the whole tape to the empty catalog but afterwards you can restore the files. The encryption password will of course be needed or the files/tapes will be useless. If it's too complicated to remember then print it out (or the recovery key from enterprise manager) and store it at a safe location.

[rdbastedo]

Thank you,
This brings up another question:
If I keep the configuration backup in a third location and can access the encryption password then is it not easier and faster to install a fresh copy of VBR, restore the configuration backup and then recover servers from our tapes?

[Gostev]

Correct, this will be faster and easier*

[rdbastedo]

Thank you Gostev, I will add this step to our plan.

I know this is a SHTF scenario, but I have heard of this sort of thing happening to others so being prepared is the best I can do for my organization.