Skip to main content
Version: vStor 4.13

Using Remote Keystore

The encryption keystore provides centralized management of volume encryption passwords. This feature allows you to store and manage encryption passwords securely, simplifying the process of unlocking encrypted volumes.

See also.

To learn how to configure your remote keystore, see Encryption Keystore.

Managing Encryption Passwords​

Adding Passwords to Keystore​

You can add encryption passwords to the Encryption Keystore in two ways:

  • During volume creation, switch on the Save key in Encryption Keystore toggle.
  • In the key management interface for existing volumes, if the Enable encryption toggle was on during volume creation and the volume key has not been saved in the keystore.

To add a password for an existing volume:

  1. Navigate to System > System Settings tab > Encryption Keystore pane.
[image expected here]
  1. Click Manage keys. The Manage Keys dialog will open.
[image expected here]
Tip.

If the Manage keys button is disabled, configure your Encryption Keystore first. See Encryption Keystore.

  1. Hover over the volume for which you want to add the encryption key and click the + symbol.
    The Add Encryption Key dialog will open.
[image expected here]
  1. Type the encryption key specified when creating the volume.
  2. Click Save.

Deleting Keys from Keystore​

To remove a stored key:

  1. Click Manage keys in the Encryption Keystore pane.
  2. Hover over the desired volume.
  3. Click the button next to the volume name.
[image expected here]
Tip.

To delete all keys, use the Delete all keys button. You will be prompted to confirm your decision.

Copying Keys from Keystore​

If you replicate an encrypted volume, accessing the data on the replica will require providing the key. Encryption Keystore allows you to retrieve the encryption key in case you need it to decrypt such a replica.

To retrieve an encryption key:

  1. Hover over the desired volume.
  2. Click the key symbol to retrieve the encryption key. The Retrieve Key confirmation dialog window will open.
[image expected here]
  1. Type your vStor password and the verification code, then click Retrieve key.
[image expected here]
  1. After a short while, the encryption key will be ready for retrieval. Click Copy key to copy the encryption key to clipboard, then close the dialog.
[image expected here]

Resetting the Encryption Keystore​

To reset the Encryption Keystore, use the Reset button.

[image expected here]

You will be prompted to confirm your choice.

[image expected here]

Use the Delete all associated keys toggle to delete all keys in the Keystore. This feature requires additional confirmation with your vStor password.

Unlocking Encrypted Volumes​

To unlock a volume whose encryption key is stored in the Encryption Keystore:

  1. Select the volume from the volumes list.
  2. Select Unlock.
    The Volume Unlock dialog will open.
  3. Instead of specifying the volume’s encryption key, select Unlock using stored key.
[image expected here]

If you prefer not to use the stored password, you can still unlock volumes by entering the encryption password manually.

Security Considerations​

  • The Encryption Keystore must be properly configured before storing or using encryption passwords.
  • Removing a password from the keystore does not affect the volume’s encryption settings.
  • All passwords stored in the Encryption Keystore are encrypted.
Attention!

Always maintain secure backups of your encryption passwords, even when using the Encryption Keystore.