Refreshing Backup Exec Database encryption keys

Last published : Apr 02, 2026
Backup Exec stores sensitive information in the Backup Exec Database using encryption. A database encryption key is used to encrypt information such as login account credentials and the keys that are used for encrypted backup jobs, for example. The key is stored in the Data folder in the Backup Exec installation directory. It is required for many disaster recovery and migration scenarios.
Backup Exec automatically creates the Backup Exec Database encryption key. However, you may want to refresh the key if the existing key is compromised in any way. You may also be required to change the key if your organization requires that keys or passwords be changed periodically.
Note: You must have a functioning database encryption key to complete the procedure below.
Complete the following procedure to refresh the Backup Exec Database encryption key.
To refresh Backup Exec Database encryption keys
  1. In Windows, click Startand then clickRun.
  2. Type Regeditand then clickOK.
    Warning: Incorrect use of the Windows registry editor may prevent the operating system from functioning properly. You should take great care when you make changes to the Windows registry. Registry modifications should only be carried out by persons who are experienced in the use of the registry editor application. It is recommended that you make a complete backup of the registry and computer before making any registry changes.
  3. Locate and right-click the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Backup Exec For Windows\Backup Exec\Server\DatabaseEncryptionAction
  1. Click Modify.
  2. In the Value datafield, type2.
  3. Click OK.
  4. Restart all Backup Exec services.
Backup Exec creates a new Backup Exec Database encryption key. It is recommended that you export the new key to a secure location so that you can access it later if it is needed.
See Exporting the Backup Exec Database encryption key.
Related information