Skip to main content

How to verify the storage client credentials created from CloudRanger exist on the AWS account.

How to verify the storage client credentials created from CloudRanger exist on the AWS account.

Updated yesterday

Overview

This article provides step-by-step instructions for verifying that storage client credentials created from the CloudRanger console exist in your AWS account. Understanding where these credentials are stored and how to locate them is essential for troubleshooting and account management.

What are CloudRanger Client Credentials?

CloudRanger Client Credentials are authentication parameters that enable secure access to your AWS Key Management System (AWS KMS). These credentials serve a critical role in the data protection workflow:

  • Purpose: Generate and manage data encryption keys (ekey)

  • Function: The ekey encrypts user data before backup to Druva Cloud

  • Security: Ensures end-to-end encryption of your backup data

Important: Credentials vs. KMS Keys

Key Point: When you create client credentials through CloudRanger, they are stored as parameters in AWS Systems Manager Parameter Store, not as KMS keys. This is a common point of confusion.

  • βœ… Stored in: AWS Systems Manager Parameter Store

  • ❌ NOT stored in: AWS Key Management Service (KMS)

Locating Your Client Credentials

Step 1: Access Your AWS Account

  1. Log in to the AWS Management Console

  2. Ensure you're in the correct AWS account where you created the storage credentials via CloudRanger

  3. Verify you're in the appropriate AWS region

Step 2: Navigate to Systems Manager

  1. In the AWS Console, search for "Systems Manager" or find it under "Management & Governance"

  2. Click on AWS Systems Manager

Step 3: Access Parameter Store

  1. In the Systems Manager dashboard, locate the left navigation panel

  2. Under Application Management, click on Parameter Store

Step 4: Identify CloudRanger Parameters

Look for parameters with the following characteristics:

Default Naming Convention:

  • Prefix: Druva-ClientCredential-

  • Example: Druva-ClientCredential-Chris-dell211_eg79AFbi

Parameter Details:

  • Type: SecureString

  • Tier: Standard

  • Last Modified: Shows creation/update timestamp

Step 5: Verify Parameter Details

  1. Click on a parameter name to view its details

  2. Verify the parameter type is "SecureString"

  3. Check the creation date matches when you created credentials in CloudRanger

  4. Note: The actual credential value will be encrypted and not visible

If You Don't See Expected Parameters:

  1. Check AWS Region: Ensure you're looking in the correct AWS region where credentials were created

  2. Verify AWS Account: Confirm you're logged into the correct AWS account

  3. Check Permissions: Ensure your AWS user has permissions to view Parameter Store

  4. Search Function: Use the search box in Parameter Store to look for custom prefixes

  5. Clear Filters: Remove any applied filters that might hide the parameters

Related Articles
A walkthrough of the Druva CloudRanger console
Configure storage rules for Airgap Backup of EC2 Resources
Manage client credentials
How to create disaster recovery environment in CloudRanger
Did this answer your question?