Displays the key IDs stored in a key management server and whether each one has been restored (is present in the node's key table).
Availability: This command is available to cluster administrators at the admin privilege level.
Description
This command displays the key IDs of the authentication keys that are stored on the key management servers. This command does not update the key tables on the node. To refresh the key tables on the nodes with the key management server key tables, use the security key-manager restore command. This command is not supported when onboard key management is enabled.
Parameters
- { [-fields <fieldname>, ...]
- This parameter specifies the fields that you want to display.
- | [-instance ]}
- If you specify this parameter, the command displays all available information about key IDs.
- [-node {<nodename>|local}] - Node
- This parameter specifies the name of the node that will query the specified key management servers. If this parameter is not specified, all nodes will query the specified key management servers.
- [-address <IP Address>] - IP Address
- This parameter specifies the IP address of the key management server you want to query.
- [-key-tags <text>, ...] - Key Tag
- If you specify this parameter, the command displays only the key IDs associated with the specified key tags.
- [-key-ids <text>, ...] - Authentication Key ID
- If you specify this parameter, the command displays only the specified key IDs.
- [-restored {yes|no}, ...] - AK/Key ID Pair Present in Node's Key Table?
- This parameter specifies whether the key ID/AK pairs are present in the specified node's internal key table. If you specify "yes" for this parameter, the command displays only the key IDs of the authentication keys that are present in the system's internal key table. If you specify "no" for this parameter, the command displays only the key IDs of the authentication keys that are not present in the system's internal key table.
- [-count <integer>] - AK/Key ID Pair Count
- This parameter specifies the key ID/AK pair count stored in the key management servers. If you specify this parameter, the command displays only the key IDs retrieved from the key management servers with the specified number of key ID/AK pairs.
- [-key-manager-server-status {available|not-responding|unknown}] - Key Manager Status
- This parameter specifies the connectivity status of the key management server. If you specify this parameter, the command displays only the key IDs retrieved from the key management servers with the specified status.
Examples
cluster1::> security key-manager query
(security key-manager query)

Node: cluster1
Key Manager: 10.233.1.198
Count: 2

Key Tag                Key ID                                                           Restored
---------------------- ---------------------------------------------------------------- --------
cluster1               F1CB30AFF1CB30B00101000000000000A68B167F92DD54196297159B5968923C yes
cluster2               F1CB30AFF1CB30B00101000000000000CF0EFD81EA9F6324EA97B369351C56AC yes

Node: cluster2
Key Manager: 10.233.1.198
Count: 2

Key Tag                Key ID                                                           Restored
---------------------- ---------------------------------------------------------------- --------
cluster2               F1CB30AFF1CB30B00101000000000000A68B167F92DD54196297159B5968923C yes
cluster1               F1CB30AFF1CB30B00101000000000000CF0EFD81EA9F6324EA97B369351C56AC yes

cluster1::> security key-manager query -address 10.233.1.198 -node cluster1 -key-tag cluster1
(security key-manager query)

Node: cluster1
Key Manager: 10.233.1.198
Count: 1

Key Tag                Key ID                                                           Restored
---------------------- ---------------------------------------------------------------- --------
cluster1               F1CB30AFF1CB30B00101000000000000CF0EFD81EA9F6324EA97B369351C56AC yes
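The following Python code is an added example, not part of the original command reference or of the product: it parses output in the layout shown in the Examples and reports key IDs that a node has not restored, plus sections whose Count differs from the number of rows listed. The names parse_query, audit and SAMPLE are hypothetical, and the code assumes that each section starts with a "Node:" line and that key tags contain no spaces.

```python
import re

# Constructed sample: layout and key IDs from the Examples; the "no" row and Count 3 are invented.
SAMPLE = """\
Node: cluster1
Key Manager: 10.233.1.198
Count: 2
Key Tag                Key ID                                                           Restored
---------------------- ---------------------------------------------------------------- --------
cluster1               F1CB30AFF1CB30B00101000000000000A68B167F92DD54196297159B5968923C yes
cluster2               F1CB30AFF1CB30B00101000000000000CF0EFD81EA9F6324EA97B369351C56AC yes
Node: cluster2
Key Manager: 10.233.1.198
Count: 3
Key Tag                Key ID                                                           Restored
---------------------- ---------------------------------------------------------------- --------
cluster2               F1CB30AFF1CB30B00101000000000000A68B167F92DD54196297159B5968923C no
cluster1               F1CB30AFF1CB30B00101000000000000CF0EFD81EA9F6324EA97B369351C56AC yes
"""

HDR = re.compile(r"^(Node|Key Manager|Count):\s*(\S.*)$")
ROW = re.compile(r"^(\S+)\s+([0-9A-Fa-f]{64})\s+(yes|no)$")

def parse_query(text):
    """Split query output into one dict per Node section, with its key rows."""
    sections = []
    for line in map(str.strip, text.splitlines()):
        if (h := HDR.match(line)):
            if h[1] == "Node":
                sections.append({"Node": h[2], "keys": []})
            elif sections:
                sections[-1][h[1]] = h[2]
        elif sections and (m := ROW.match(line)):
            sections[-1]["keys"].append((m[1], m[2].upper(), m[3] == "yes"))
    return sections

def audit(sections):
    """Return (finding, node, key manager, detail) tuples for follow-up."""
    findings = []
    for s in sections:
        where = (s["Node"], s.get("Key Manager"))
        # Key is on the server but absent from this node's key table.
        findings += [("not-restored", *where, k) for _t, k, ok in s["keys"] if not ok]
        # Assumption: Count equals the number of rows listed, as in the Examples.
        if "Count" in s and int(s["Count"]) != len(s["keys"]):
            findings.append(("count-mismatch", *where, f"{s['Count']} != {len(s['keys'])}"))
    return findings

if __name__ == "__main__":
    print(*audit(parse_query(SAMPLE)), sep="\n")
```

Key IDs reported as not-restored are the ones that the security key-manager restore command described above would load into the node's key table.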