Skip to main content
Manage client credentials
Updated over 8 months ago

The Client Credentials enable access to your AWS Key Management System (AWS KMS) to generate and manage the data encryption key (ekey). The ekey once generated is used to encrypt the user data that is then backed up to Druva Cloud.


πŸ“ Note
​This is part of the digital envelope encryption process that Druva strictly adheres to. Druva does not store the users' ekey and has no access to the data.


Add client credentials

To get started with ekey management, you will need to import the relevant credentials to your Druva CloudRanger account.

  1. Log into your management console and navigate to the Account for which you wish to configure Client Credentials. Click the gear icon on the top navigation bar.

  2. Click Druva Cloud to be directed to the Druva Storage page.

  3. On the Client Credentials tab, click Create Client Credentials.

  4. On the Add Credential page, specify the following:

    • Select the Account and AWS Region for which you wish to generate the key credentials.

    • The Parameter Store Name automatically displays the appropriate AWS Parameter Store within which the credentials are stored.

Delete client credentials

Once imported, you may delete a client credential rule, as needed. However, do consider the business implications prior to deleting a credential if you have associated backups that are encrypted.


πŸ“ Note
​Once you delete a credential with corresponding backups, future snapshots and backups will no longer continue to be stored on Druva Cloud.


To delete a client credential:

  1. Log into your management console and navigate to the Account for which you wish to delete the credential. Click the gear icon on the top navigation bar.

  2. Click Druva Cloud to be directed to the Druva Storage page.

  3. On the Client Credentials tab, select the credential to be deleted and click Remove.

  4. On the confirmation screen, verify the credential that you wish to delete. Click Confirm, delete.

Next steps

Once you define Client Credentials to enable access to and manage your data encryption key (ekey), you may want to set up a backup policy to automate your data protection strategy and manage the backup schedules and retention. Once defined, backup policies can be executed across AWS accounts at the organization level and set to Active or disabled, depending on business requirements. For more information, see Manage Backup Policies.

Did this answer your question?