This article describs the results of losing an encryption key for the system
The encryption passphrase has been lost or forgotten.
No existing backups or archives can be recovered if they were encrypted and the key is lost. It is also impossible to delete deduplicated or replicated backup content from the SIS container as the entire SIS container is encrypted if any single client is encrypted in the system. It is paramount that the encryption passphrase be protected at all times. Any backup or archive for a client that has encryption enabled, and all vaulted backups for that same client require the passphrase to be known to recover. There is NO workaround! If the key is lost, all encrypted data will be lost. Backups that are not encrypted will still be recoverable, but encrypted backups that have a lost or forgotten passphrase will be rendered useless. The system must be re-imaged to be used for further backups. See the admin guide for information about necessary processes.
When passphrases are changed, the system protects legacy passphrases in a new encrypted file, secured with the new key, and those legacy passphrases are used for accessing backups and backup copies encrypted under the previous passphrase. However, only the current passphrase is required to be known to do so. When migrating from one Unitrends System to another where encryption is in use on the original system, the MasterKey file must be migrated as well. For details on how to migrate the MasterKey file, reference: Import encryption MasterKey file to a new appliance. Alternatively, the older passphrases can be separately documented and entered into the system when recovering data that was encrypted using a previous passphrase.
It is common to have encryption "On, Off after Reboot" which requires customers to re-enter their passphrase every time the appliance is rebooted. Also if encryption is manually disabled it must be re-enabled. The most recently used passphrase is required to be re-entered. If the passphrase is lost of forgotten and cannot be reentered, and no key backup exists, then the key is effectively lost.
Using the "On, Off after Reboot" is a security feature to ensure the encrypted data cannot be recovered by an unauthorized user if an appliance is relocated. If you do not want to re-enter the encryption pass phrase after each reboot, set encryption to "On".