security key-manager create-key

Create a new authentication key

Availability: This command is available to cluster administrators at the admin privilege level.

Description

This command creates a new authentication key (AK) and stores it on the configured key management servers. The command fails if the configured key management servers are already storing more than 128 AKs. If the command fails because the cluster has more than 128 keys, delete unused keys on your key management servers and try the command again. This command is not supported when onboard key management is enabled.

Parameters

[-key-tag <text>] - Key Tag
This parameter specifies the key tag that you want to associate with the new authentication key (AK). The default value is the node name. The key tag helps you identify the authentication keys (AKs) that you have created. For example, you can use the key-tag parameter of the key-manager query command to query for a specific key-tag value.
[-prompt-for-key {true|false}] - Prompt for Authentication Passphrase
If you specify this parameter as true, the command prompts you to enter an authentication passphrase manually instead of generating it automatically. For security reasons, the authentication passphrase you enter is not displayed at the command prompt. You must enter the authentication passphrase a second time for verification. To avoid errors, copy and paste authentication passphrases electronically instead of entering them manually. Data ONTAP saves the resulting authentication key/key ID pair automatically on the configured key management servers.

Examples

cluster1::> security key-manager create-key -key-tag cluster1
  (security key-manager create-key)

Verifying requirements...

Node: cluster1
Creating authentication key...
Authentication key creation successful.
Key ID: F1CB30AFF1CB30B00101000000000000CF0EFD81EA9F6324EA97B369351C56AC

Node: cluster1
Key manager restore operation initialized.
Successfully restored key information.

Node: cluster2
Key manager restore operation initialized.
Successfully restored key information.


cluster1::> security key-manager create-key -key-tag cluster1 -prompt-for-key true
  (security key-manager create-key)

Verifying requirements...

Enter a new passphrase::
Reenter the new passphrase::

Node: cluster1
Creating authentication key...
Authentication key creation successful.
Key ID: 6FB176106FB1B71901010000000000009FFC077FEEDE8188542230E0B73D289B

Node: cluster1
Key manager restore operation initialized.
Successfully restored key information.

Node: cluster2
Key manager restore operation initialized.
Successfully restored key information.
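
The following script is an added example, not part of the original command reference or of Data ONTAP. It checks a captured create-key transcript for the creation success line, a Key ID, and a restore confirmation from every node you expect. The function name, the embedded sample (copied from the first example above) and the 64-hex-digit length check are assumptions based only on the output shown on this page.

```python
import re

# Constructed sample: output of the first example in the Examples section above.
SAMPLE = """\
Verifying requirements...

Node: cluster1
Creating authentication key...
Authentication key creation successful.
Key ID: F1CB30AFF1CB30B00101000000000000CF0EFD81EA9F6324EA97B369351C56AC

Node: cluster1
Key manager restore operation initialized.
Successfully restored key information.

Node: cluster2
Key manager restore operation initialized.
Successfully restored key information.
"""

KEY_ID_RE = re.compile(r"^Key ID:\s*([0-9A-Fa-f]+)\s*$")

def check_create_key_output(text, expected_nodes):
    """Return (key_id, problems) for a captured create-key transcript."""
    key_id, created, node = None, False, None
    restored = set()
    for line in (raw.strip() for raw in text.splitlines()):
        match = KEY_ID_RE.match(line)
        if line.startswith("Node:"):
            node = line.split(":", 1)[1].strip()  # later lines belong to this node
        elif line == "Authentication key creation successful.":
            created = True
        elif match:
            key_id = match.group(1).upper()
        elif line == "Successfully restored key information." and node:
            restored.add(node)
    problems = []
    if not created:
        problems.append("no creation success line")
    if key_id is None:
        problems.append("no Key ID line")
    elif len(key_id) != 64:  # assumption: 64 hex digits, as in both examples
        problems.append("unexpected Key ID length %d" % len(key_id))
    for missing in sorted(set(expected_nodes) - restored):
        problems.append("node %s did not confirm restore" % missing)
    return key_id, problems

if __name__ == "__main__":
    print(check_create_key_output(SAMPLE, ["cluster1", "cluster2"]))
```

A non-empty problems list means the transcript does not show the new AK restored on every expected node, so verify key availability on those nodes before relying on the key.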