Skip to main content

CDP Backup Encryption

Overview

Continuous Data Protection (CDP) Backup Encryption allows you to secure your node backups by encrypting them using a user-defined passphrase. This ensures that backup data remains protected from unauthorized access.

When backup encryption is enabled, all CDP backups created for the node are encrypted at rest, and the passphrase is required during backup restoration.

Key Features

  • Secure backup data using strong encryption
  • User-controlled passphrase
  • Protects backup data from unauthorized access
  • Required passphrase during backup restore
  • Encryption applied automatically to all CDP backups

When Should You Use Backup Encryption?

Backup encryption is recommended when:

  • Your workload contains sensitive data
  • You need compliance with security policies
  • You want additional protection for backups
  • You are running production workloads

How Backup Encryption Works

  1. User enables CDP Backup during node creation.
  2. User selects Backup Encryption.
  3. A passphrase is provided by the user.
  4. The system encrypts all future backups using this passphrase.
  5. During restore, the same passphrase is required.

Enabling CDP Backup Encryption

During Node Creation (UI)

  1. Navigate to Create Node.
  2. Select your node configuration.
  3. Enable CDP Backup.
  4. Enable Backup Encryption.
  5. Enter your backup encryption passphrase.
  6. Create the node.

During Backup Activation (Manage CDP Backups)

  1. Navigate to Services > CDP Backups.
  2. Click Activate Backup for your node.
  3. In the Backup Schedule Configuration window, enable Backup Encryption.
  4. Enter your backup encryption passphrase.
  5. Complete the backup activation.

Restoring Encrypted Backups

To restore an encrypted backup:

  1. Select the backup you want to restore.
  2. Enter the backup encryption passphrase.
  3. Start the restore process.

If the passphrase is incorrect, the restore process will fail.

Important Notes

  • The same passphrase is required to restore backups.
  • Backup encryption only protects backup data, not the running node.
  • Encryption settings cannot be changed after the backup service is activated.
warning

If the passphrase is lost, the backup cannot be restored. There is no recovery option. Store your passphrase securely before enabling encryption.

note

Backup encryption settings cannot be modified after the backup service is activated. To change encryption settings, you must deactivate and reactivate the backup service.

Best Practices

  • Use a strong passphrase.
  • Store your passphrase in a secure password manager.
  • Do not share your passphrase with unauthorized users.
  • Use different passphrases for node encryption and backup encryption if required.