diff --git a/pbs-api-types/src/key_derivation.rs b/pbs-api-types/src/key_derivation.rs
new file mode 100644
index 00000000..9a53130c
--- /dev/null
+++ b/pbs-api-types/src/key_derivation.rs
@@ -0,0 +1,56 @@
+use serde::{Deserialize, Serialize};
+
+use proxmox::api::api;
+
+use crate::CERT_FINGERPRINT_SHA256_SCHEMA;
+
+#[api(default: "scrypt")]
+#[derive(Clone, Copy, Debug, Deserialize, Serialize)]
+#[serde(rename_all = "lowercase")]
+/// Key derivation function for password protected encryption keys.
+pub enum Kdf {
+ /// Do not encrypt the key.
+ None,
+ /// Encrypt they key with a password using SCrypt.
+ Scrypt,
+ /// Encrtypt the Key with a password using PBKDF2
+ PBKDF2,
+}
+
+impl Default for Kdf {
+ #[inline]
+ fn default() -> Self {
+ Kdf::Scrypt
+ }
+}
+
+#[api(
+ properties: {
+ kdf: {
+ type: Kdf,
+ },
+ fingerprint: {
+ schema: CERT_FINGERPRINT_SHA256_SCHEMA,
+ optional: true,
+ },
+ },
+)]
+#[derive(Deserialize, Serialize)]
+/// Encryption Key Information
+pub struct KeyInfo {
+ /// Path to key (if stored in a file)
+ #[serde(skip_serializing_if="Option::is_none")]
+ pub path: Option,
+ pub kdf: Kdf,
+ /// Key creation time
+ pub created: i64,
+ /// Key modification time
+ pub modified: i64,
+ /// Key fingerprint
+ #[serde(skip_serializing_if="Option::is_none")]
+ pub fingerprint: Option,
+ /// Password hint
+ #[serde(skip_serializing_if="Option::is_none")]
+ pub hint: Option,
+}
+
diff --git a/pbs-api-types/src/lib.rs b/pbs-api-types/src/lib.rs
index 427b2d9f..7b978e82 100644
--- a/pbs-api-types/src/lib.rs
+++ b/pbs-api-types/src/lib.rs
@@ -34,6 +34,9 @@ macro_rules! SNAPSHOT_PATH_REGEX_STR {
 );
 }
+mod key_derivation;
+pub use key_derivation::{Kdf, KeyInfo};
+
 #[macro_use]
 mod userid;
 pub use userid::Authid;
diff --git a/pbs-datastore/src/key_derivation.rs b/pbs-datastore/src/key_derivation.rs
index be5c077f..92e81ba1 100644
--- a/pbs-datastore/src/key_derivation.rs
+++ b/pbs-datastore/src/key_derivation.rs
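Review bot: The doc comments on the `Scrypt` and `PBKDF2` variants of `Kdf` carry their typos over from the old location (`Encrypt they key`, `Encrtypt the Key`), and since `#[api]` presumably lifts doc comments into the schema descriptions, they will show up in the generated API documentation; I would change them to `/// Encrypt the key with a password using scrypt.` and `/// Encrypt the key with a password using PBKDF2.`. The `None` variant's comment would be clearer about the consequence, e.g. `/// Do not encrypt the key; the key material is stored without password protection.`. `PBKDF2` as a variant name also departs from the UpperCamelCase acronym convention (`Pbkdf2`); the serde name under `rename_all = "lowercase"` would stay `pbkdf2`, but since other crates reference the variant this belongs in a follow-up rather than a move commit. Finally, `KeyInfo` derives neither `Debug` nor `Clone`, which a public API type usually wants: `#[derive(Clone, Debug, Deserialize, Serialize)]`.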
@@ -4,64 +4,13 @@ use std::path::Path;
 use anyhow::{bail, format_err, Context, Error};
 use serde::{Deserialize, Serialize};
-use proxmox::api::api;
 use proxmox::tools::fs::{file_get_contents, replace_file, CreateOptions};
 use proxmox::try_block;
-use pbs_api_types::CERT_FINGERPRINT_SHA256_SCHEMA;
+use pbs_api_types::{Kdf, KeyInfo};
 use crate::crypt_config::{CryptConfig, Fingerprint};
-#[api(default: "scrypt")]
-#[derive(Clone, Copy, Debug, Deserialize, Serialize)]
-#[serde(rename_all = "lowercase")]
-/// Key derivation function for password protected encryption keys.
-pub enum Kdf {
- /// Do not encrypt the key.
- None,
- /// Encrypt they key with a password using SCrypt.
- Scrypt,
- /// Encrtypt the Key with a password using PBKDF2
- PBKDF2,
-}
-
-impl Default for Kdf {
- #[inline]
- fn default() -> Self {
- Kdf::Scrypt
- }
-}
-
-#[api(
- properties: {
- kdf: {
- type: Kdf,
- },
- fingerprint: {
- schema: CERT_FINGERPRINT_SHA256_SCHEMA,
- optional: true,
- },
- },
-)]
-#[derive(Deserialize, Serialize)]
-/// Encryption Key Information
-pub struct KeyInfo {
- /// Path to key (if stored in a file)
- #[serde(skip_serializing_if="Option::is_none")]
- pub path: Option,
- pub kdf: Kdf,
- /// Key creation time
- pub created: i64,
- /// Key modification time
- pub modified: i64,
- /// Key fingerprint
- #[serde(skip_serializing_if="Option::is_none")]
- pub fingerprint: Option,
- /// Password hint
- #[serde(skip_serializing_if="Option::is_none")]
- pub hint: Option,
-}
-
 /// Key derivation function configuration
 #[derive(Deserialize, Serialize, Clone, Debug)]
 pub enum KeyDerivationConfig {
diff --git a/pbs-datastore/src/lib.rs b/pbs-datastore/src/lib.rs
index 4380adb3..ae06686a 100644
--- a/pbs-datastore/src/lib.rs
+++ b/pbs-datastore/src/lib.rs
@@ -219,6 +219,6 @@ pub use data_blob_writer::DataBlobWriter;
 pub use key_derivation::{
 decrypt_key, load_and_decrypt_key, rsa_decrypt_key_config, rsa_encrypt_key_config,
 };
-pub use key_derivation::{Kdf, KeyConfig, KeyDerivationConfig, KeyInfo};
+pub use key_derivation::{KeyConfig, KeyDerivationConfig};
 pub use manifest::BackupManifest;
 pub use store_progress::StoreProgress;
diff --git a/src/api2/config/tape_encryption_keys.rs b/src/api2/config/tape_encryption_keys.rs
index 7204712b..9c4b5e05 100644
--- a/src/api2/config/tape_encryption_keys.rs
+++ b/src/api2/config/tape_encryption_keys.rs
@@ -11,8 +11,7 @@ use proxmox::{
 },
 };
-use pbs_api_types::Fingerprint;
-use pbs_datastore::{KeyInfo, Kdf};
+use pbs_api_types::{Fingerprint, KeyInfo, Kdf};
 use pbs_datastore::key_derivation::KeyConfig;
 use pbs_config::open_backup_lockfile;
diff --git a/src/bin/proxmox_tape/encryption_key.rs b/src/bin/proxmox_tape/encryption_key.rs
index dce43fd8..998928a6 100644
--- a/src/bin/proxmox_tape/encryption_key.rs
+++ b/src/bin/proxmox_tape/encryption_key.rs
@@ -11,8 +11,7 @@ use proxmox::{
 sys::linux::tty,
 };
-use pbs_api_types::Fingerprint;
-use pbs_datastore::Kdf;
+use pbs_api_types::{Fingerprint, Kdf};
 use pbs_datastore::paperkey::{PaperkeyFormat, generate_paper_key};
 use proxmox_backup::{