Update the Onboard Key Manager Passphrase
Availability: This command is available to cluster administrators at the advanced privilege level.
Description
This command provides a way to update the cluster-wide
passphrase that is used for the Onboard Key Manager and initially created by
running the
security key-manager onboard enable command.
This command prompts for the existing passphrase, and if that passphrase is
correct then the command prompts for a new passphrase.
When the Onboard Key Manager is enabled for the admin Vserver, run the
security key-manager onboard show-backup command after
updating the passphrase and save the output for emergency recovery scenarios.
When the
security key-manager onboard update-passphrase
command is executed in a MetroCluster configuration, then run the
security key-manager onboard sync command with the new
passphrase on the partner site before proceeding with any key-manager
operations. This allows the updated passphrase to be replicated to the
partner site.
Examples
The following example updates the cluster-wide passphrase used for
the Onboard Key Manager:
cluster-1::*> security key-manager onboard update-passphrase
Warning: This command will reconfigure the cluster passphrase for onboard
key management.
Do you want to continue? {y|n}: y
Enter current passphrase:
Enter new passphrase:
Reenter the new passphrase:
Update passphrase has completed. Save the new encrypted configuration data in
a safe location so that you can use it if you need to perform a manual recovery
operation. To view the data, use the "security key-manager onboard show-backup"
command.