Search Knowledge Base
KB #240100: SQL Backup not encrypted
The encryption state of a database does not determine the encryption state of a backup file. The encryption state of newly created backup files is controlled by the “Encrypt New Database and Backups” option.
The encryption state of a newly created backup is not determined by the encryption state of the originating database. Whether backups are encrypted upon creation is determined by Encryptionizer configuration settings when you are securing the SQL instance.
Additionally, Encryptionizer does not change the encryption state of any existing database files or backup files. You must encrypt those specifically using the Encrypt/Decrypt Wizard (can also be done programmatically using API’s)
The “Encrypt New Databases and Backups” option (set in Admin Wizard – Additional Options screen; programmatically with build3, or fn_n_encodenew) directs NetLib to encrypt new databases and backups as each is created.
Only when this flag is set will your newly created backup files be automatically encrypted. The “Encrypt new” has no effect on existing databases and backups.
If you do not wish all backups and all newly created databases to be automatically encrypted upon creation, you can do one of two things:
- Use the “Specify files names to include/exclude when creating new DB’s or backups” to create rules as to which backups should be encrypted. This option is also found on the Additional Options screen
- Do not set the “Encrypt New” flag at time of securing. Change your SQL backup job to toggle the fn_n_encrypt_new flag on to perform the backup,and then off when the job is done. Details on the syntax and use of this flag can be found in the User Guide documentation.
If you modify the Admin Wizard settings while SQL is running, it is important when you secure the SQL instance, that the instance be restarted, as the settings take effect at the time of SQL start.
See related articles below if you have set the “Encrypt New” Flag and/or the “Specify..” rules and your backup is not encrypted as expected.
240038: SQL database backups to a Mapped Drive are not encrypted
240046: Backup not encrypted even though “encrypt new” flag was set