StorageCraft ShadowProtect, the last product that we used prior to taking up with Veeam, had absolutely no way to recover the encryption keys. None. Nada. Zippo. Zilch.Yeah totally understand.
However if all backup chains are accessible now, the encryption password hash should already be in your config DB. If you make sure you create backups of that configuration and encrypt that config backup (this is needed to also backup the encryption passwords).
You should always have a way to decrypt the backups (local or cloud). As the hash is already known.
There is also a way to decrypt the current password in the local DB, Veeam support has a tool for this.
There were plenty of warnings prior to hitting GO when setting up backup encryption.
All y'all just opened a Pandora's Box by making public the keys are easily accessible.
That renders the whole "security" narrative moot.
Am I wrong?
Statistics: Posted by MPECSInc — May 28, 2025 9:12 pm
