--- title: CDP Backup Encryption --- # CDP Backup Encryption ## Overview **Continuous Data Protection (CDP) Backup Encryption** allows you to secure your node backups by encrypting them using a **user-defined passphrase**. This ensures that backup data remains protected from unauthorized access. When backup encryption is enabled, all CDP backups created for the node are **encrypted at rest**, and the passphrase is required during **backup restoration**. ## Key Features - Secure backup data using **strong encryption** - **User-controlled passphrase** - Protects backup data from unauthorized access - Required passphrase during **backup restore** - Encryption applied automatically to all CDP backups ## When Should You Use Backup Encryption? Backup encryption is recommended when: - Your workload contains **sensitive data** - You need **compliance with security policies** - You want **additional protection for backups** - You are running **production workloads** ## How Backup Encryption Works 1. User enables **CDP Backup** during node creation. 2. User selects **Backup Encryption**. 3. A **passphrase** is provided by the user. 4. The system encrypts all future backups using this passphrase. 5. During restore, the same passphrase is required. ## Enabling CDP Backup Encryption ### During Node Creation (UI) 1. Navigate to **Create Node**. 2. Select your **node configuration**. 3. Enable **CDP Backup**. 4. Enable **Backup Encryption**. 5. Enter your **backup encryption passphrase**. 6. Create the node. ### During Backup Activation (Manage CDP Backups) 1. Navigate to **Services > CDP Backups**. 2. Click **Activate Backup** for your node. 3. In the **Backup Schedule Configuration** window, enable **Backup Encryption**. 4. Enter your **backup encryption passphrase**. 5. Complete the backup activation. ## Restoring Encrypted Backups To restore an encrypted backup: 1. Select the backup you want to restore. 2. Enter the **backup encryption passphrase**. 3. Start the restore process. If the passphrase is incorrect, the restore process will fail. ## Important Notes - The **same passphrase is required to restore backups**. - Backup encryption only protects **backup data**, not the running node. - Encryption settings **cannot be changed** after the backup service is activated. :::warning If the passphrase is lost, the backup **cannot be restored**. There is no recovery option. Store your passphrase securely before enabling encryption. ::: :::note Backup encryption settings **cannot be modified** after the backup service is activated. To change encryption settings, you must deactivate and reactivate the backup service. ::: ## Best Practices - Use a **strong passphrase**. - Store your passphrase in a **secure password manager**. - Do not share your passphrase with unauthorized users. - Use **different passphrases** for node encryption and backup encryption if required. ---