Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup™ Deduplication Guide
  3. Configuring isolated recovery environment (IRE)
  4. Configuring an isolated recovery environment using the command line
  5. Using the API Keys to support MFA configuration
NetBackup™ Deduplication Guide

Using the API Keys to support MFA configuration

You can use API keys when accessing the production and IRE primary servers. API keys provide an alternative to traditional password-based authentication, especially in environments where multi-factor authentication (MFA) is enabled. Unlike passwords, API keys bypass the need for an MFA one-time password (OTP).

The show_slp_window, sync_ire_window, and add_replication_op commands that require authentication to the primary server prompt for the admin user's password if an API key is not specified. However, these commands do not support MFA OTP. If MFA is enabled on the primary server, password-based authentication will be denied, preventing access. This limitation makes API keys essential for environments that have MFA enabled.

Use the production_use_apikey and ire_use_apikey parameters in the commands to authenticate with API keys instead of passwords. The production_use_apikey parameter is used for accessing the production primary server, while the ire_use_apikey parameter is used for the IRE primary server. Including these parameters in the command ensures seamless authentication without requiring an OTP.

To use these parameters, administrators must ensure that the API key is associated with a user account that has the necessary Role-Based Access Control (RBAC) permissions. Specifically, the admin user for the API key must have at least the Default IRE SLP Administrator role. For information on managing API keys, refer to the NetBackup Web UI Administrator's Guide.

Feedback

Was this page helpful?
Previous

Configuring an isolated recovery environment using the command line

Next

Configuring an isolated recovery environment on a NetBackup BYO media server

Feedback

Was this page helpful?