Cloud IBR is designed to use Read-Only keys to perform restores from your object storage. Read-Only keys work with object storage buckets used with “Direct to object storage backups” in Veeam v12 as well as with Scale-Out Backup Repositories (SOBR) created by Veeam v10 and later, that do not have Encryption enabled at the SOBR level. For SOBR’s that have Encryption enabled, Veeam requires Read-Write access to the bucket when adding it to the Cloud IBR Veeam server. You can confirm if you have an encryption key assigned to your SOBR by opening the properties of your SOBR and checking your configuration as shown here. To work around this Veeam limitation, simply make sure you have enabled encryption on each of your backup jobs by editing each job, click the Storage section, click Advanced button, select the Storage tab and ensure that “Enable backup file encryption” is checked, as shown here. You can then safely disable encryption for the SOBR, as having encryption enabled in both locations does not provide any additional benefit, since the data offloaded to object storage will already be encrypted once you enable encryption on each backup job.
