Loading...
Loading...
This article documents how to manually update the GPG key for Veeam Hardened Repository ISO v2 appliances. Generally, the new key should automatically be distributed to all appliances that have access to the Veeam repository. However, if the appliance does not have access to the repository (either directly, via a mirror, or via http_proxy), the GPG key will not be updated. After the installed GPG expires, that appliance will be unable to connect to the update repository. On March 15, 2026, the GPG key used to sign the Veeam RPM packages expired.
Note: The updated key shares the same fingerprint (E6FBD664) as the expired key. The key itself has not changed, only its expiration date has been extended. RPM identifies installed keys by fingerprint and will not overwrite an existing entry, even when the expiration date differs. The old entry must be removed first so that the refreshed key can be imported in step 5. Download the new GPG key and copy it to the Veeam Hardened Repository using either the Files node or SSH with the veeamsvc account. The new key is available here:https://repository.veeam.com/keys/RPM-E6FBD664 Use Live Boot ISO to gain shell access to the Veeam Hardened Repository appliance.Live Boot is available from the same ISO used for installation. Once in live boot, mount the original system disks and enter chroot. sudo ./mount_systemvol.sh sudo chroot /mnt Delete the old GPG key using the following command:
Veeam Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.