Enabling encryption on an existing volume with the volume encryption conversion start command

Starting with ONTAP 9.3, you can use the volume encryption conversion start command to enable encryption of an existing volume "in place," without having to move the volume to a different location.

1. Enable encryption on an existing volume: volume encryption conversion start -vserver SVM_name -volume volume_name
   For complete command syntax, see the man page for the command.
   Example

   The following command enables encryption on the existing volume vol1:

   cluster1::> volume encryption conversion start -vserver vs1 -volume vol1

   The system creates an encryption key for the volume. The data on the volume is encrypted.
2. Verify the status of the conversion operation: volume encryption conversion show
   For complete command syntax, see the man page for the command.
   Example

   The following command displays the status of the conversion operation:

   cluster1::> volume encryption conversion show
   
   Vserver   Volume   Start Time           Status
   -------   ------   ------------------   ---------------------------
   vs1       vol1     9/18/2017 17:51:41   Phase 2 of 2 is in progress.

3. When the conversion operation is complete, verify that the volume is enabled for encryption: volume show -is-encrypted true
   For complete command syntax, see the man page for the command.
   Example

   The following command displays the encrypted volumes on cluster1:

   cluster1::> volume show -is-encrypted true
   
   Vserver  Volume  Aggregate  State  Type  Size  Available  Used
   -------  ------  ---------  -----  ----  -----  --------- ----
   vs1      vol1    aggr2     online    RW  200GB    160.0GB  20%