Verify existing passwords for encryption

[grantemsley]

It would be really, really nice if in the Manage Credentials screen, there was a "Verify" password right under Edit. That button would prompt you to enter the password and verify that it matches. Right now the only way I've found to make sure I have the correct password is to try to open a backup file with the extract tool. That only works for some backup methods though - I haven't found a way to make sure the password is correct for object storage or NAS backups.

Having all our backups encrypted is great for security - but it would be really nice to make sure the passwords we think are used to decrypt them are correct! In a disaster where our veeam server (and enterprise manager if using that) are gone, we're really going to need those passwords, and I worry someone might have screwed up entering the password into veeam or our password manager, and that the two might not match. Being able to easily test that once in awhile would give me some extra peace of mind.

[Egor Yakovlev]

Hi Grant.

Noted as feature request for future versions.

However:
- The eye icon does reveal real entered password when it's being created in the first place, so chance for mistake diminished.
- Say we add "Verify". You have your encrypted backups with the key of choice. You click "Verify" and it says "Wrong!". Kind of late, huh?
- Last but not least, Veeam Enterprise Manager can export decryption keyset in case you have lost an original passphrase. That must be configured in advance.

Thanks!

[grantemsley]

Thanks!

> Say we add "Verify". You have your encrypted backups with the key of choice. You click "Verify" and it says "Wrong!". Kind of late, huh?

Nope, because I can test it BEFORE I need to do a disaster recovery. If I find out the password is wrong now, we can either figure out the correct password and update our password manager, or set it to the correct password and start new backups right away. If i'm verifying it after the disaster has happened, well them I guess I'm in trouble, but that's on me.

[lee.rivas]

+1 for encrytion verification

[utleyab]

+1 for encryption verification

[tyler.jurgens]

+1 for encryption verification. Would be really nice to see this feature - I always tell all Veeam users to encrypt their backups with a stern warning not to forget that password. This would give a great means of verification. Another scenario is when you take over a Veeam environment from a previous employee. Yes, you should be doing restore tests, but this would be a quick and easy method to at least ensure you have the right encryption key before going down the path to fully testing backups.

[mike.anderson]

+1 for Encryption Verification - kind of a bummer this hasn't been implemented in any shape yet. I have lots of customers ask me about this and the best I have to offer has already been suggested in this thread, or I have them mount their configuration restore.

However:
- The eye icon does reveal real entered password when it's being created in the first place, so chance for mistake diminished.
- Say we add "Verify". You have your encrypted backups with the key of choice. You click "Verify" and it says "Wrong!". Kind of late, huh?
- Last but not least, Veeam Enterprise Manager can export decryption keyset in case you have lost an original passphrase. That must be configured in advance.

The eye icon has a limited character limit it will expose. If your key is long enough you can't see it all.

Agreed that it's not too late, if you're using the Verify option then you're likely using it in advance, there's still time to change the key and run new backups.

Not everyone wants to run enterprise manager, and sometimes being able to export the decryption keyset is actually viewed as a downside. What if you don't want any way to break the key?

[Henrik.Grevelund]

+1 for encryption verification

When writing backup to S3, also sending the configuration backup that way, it's pretty difficult to verify that no one changed it.