Encryption for repaired objects
By default, the repair command matches the encryption of repaired objects to the server's encryption type.
DAOS repair automatically converts the encryption of repaired objects to the server's
DAOS encryption configuration. As a sample scenario, if:
- Donor A uses AES-256 local encryption with its server key.
- Donor B uses an AES_128 shared encryption key, which your server does not have access to.
- Your server is configured to use AES_128 encryption with a key which is not shared.
All of the objects repaired to the local DAOS store will correctly be encrypted with the target server's AES_128 encryption key. While there are significant advantages to using a shared encryption key for backup and restore purposes, the repair command does not require it.