Configure encryption key storage for backups

Configure whether OpsCenter stores the encryption keys for each node along with the SSTables. When tables in a cluster use the DataStax Enterprise Transparent Data Encryption, encryption keys from each node are stored in remote locations alongside the data. Encryption key storage is enabled by default in the OpsCenter Backup Service and is highly recommended.

Any encryption keys associated with a table are backed up.

  1. In the OpsCenter navigation menu, click your cluster’s name, and then select Services.

  2. Click the Backup Service’s Details link.

  3. Click the Settings tab.

    Configure optional Backup Service features in the Settings tab

  4. Click the Configure link for Encryption Key Storage.

  5. To store encryption keys alongside the backup data, toggle Encryption Key Storage to On.

    To disable this functionality, toggle Encryption Key Storage to Off. This isn’t recommended.

    If Encryption Key Storage is enabled, and a cluster has encrypted keyspaces, then the encryption key for each node is stored in the backup location along with the data. If you disable this option, you must ensure that the encryption key is available on all nodes prior to restoring encrypted tables.

  6. Click Save.

Was this helpful?

Give Feedback

How can we improve the documentation?

© Copyright IBM Corporation 2025 | Privacy policy | Terms of use Manage Privacy Choices

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries. Kubernetes is the registered trademark of the Linux Foundation.

General Inquiries: Contact IBM