troubleshooting

Proxmox Backup Client failed: error missing key

How to resolve the 'error missing key' when using Proxmox Backup Client with an encrypted datastore.

By Emmanuel · Updated August 6, 2025
Proxmox Backup Client failed: error missing key

When using Proxmox Backup Client with encryption, you may encounter the “error: missing key” message. This article explains the cause and provides solutions.

Understanding the error

This error occurs when Proxmox Backup Client tries to back up to or restore from an encrypted datastore, but cannot find the encryption key. The client needs the key to encrypt data before sending it to the server (for backups) or to decrypt data after receiving it (for restores).

Common causes

1. Encryption key not specified

If you enabled encryption when creating your first backup but didn’t specify the key in subsequent operations:

# This will fail if the datastore expects encryption
proxmox-backup-client backup root.pxar:/ --repository user@server:store

# Specify the key file
proxmox-backup-client backup root.pxar:/ --repository user@server:store --keyfile /path/to/encryption-key.json

2. Key file not found

The key file may have been moved, deleted, or the path is incorrect. Verify the key file exists:

ls -la /path/to/encryption-key.json

3. Key file permissions

The key file must be readable by the user running the backup:

chmod 600 /path/to/encryption-key.json

Solutions

Specify the key file explicitly

Always use the --keyfile parameter when working with encrypted datastores:

proxmox-backup-client backup root.pxar:/ \
  --repository user@pbs!token@server:store \
  --keyfile /etc/proxmox-backup/encryption-key.json

Set the key file in environment

You can set the PBS_ENCRYPTION_PASSWORD environment variable to avoid specifying the key file each time.

Regenerate the key (last resort)

If you’ve lost your encryption key, you cannot decrypt existing backups. You can generate a new key for future backups:

proxmox-backup-client key create /etc/proxmox-backup/encryption-key.json

Warning: Existing encrypted backups will be unrecoverable without the original key. Always keep secure backups of your encryption keys.

Prevention

  • Store encryption keys in a secure, separate location
  • Keep multiple copies of your key (encrypted USB, password manager)
  • Document which key is used for which backup job
  • Never store the key on the same system you’re backing up

Need help?

Contact our support team if you need assistance with encryption key management on your Cloud-PBS instance.

proxmox pbs troubleshooting encryption

Ready to try Cloud-PBS?

Start your 7-day free trial today.

Start free trial
← Back to Resources