security key-manager query

Displays the key IDs stored in a key management server and whether each key is restored (present in the node's key table).

Availability: This command is available to cluster administrators at the admin privilege level.

Description

This command displays the key IDs of the authentication keys that are stored on the key management servers. This command does not update the key tables on the node. To refresh the key tables on the nodes with the key management server key tables, use the security key-manager restore command. This command is not supported when onboard key management is enabled.

Parameters

{ [-fields <fieldname>, ...]
This parameter specifies the fields that you want to display.
| [-instance ]}
If you specify this parameter, the command displays all available information about key IDs.
[-node {<nodename>|local}] - Node
This parameter specifies the name of the node that will query the specified key management servers. If this parameter is not specified, all nodes will query the specified key management servers.
[-address <IP Address>] - IP Address
This parameter specifies the IP address of the key management server you want to query.
[-key-tags <text>, ...] - Key Tag
If you specify this parameter, the command displays only the key IDs associated with the specified key tags.
[-key-ids <text>, ...] - Authentication Key ID
If you specify this parameter, the command displays only the specified key IDs.
[-restored {yes|no}, ...] - AK/Key ID Pair Present in Node's Key Table?
This parameter specifies whether the key ID/AK pairs are present in the specified node's internal key table. If you specify "yes" for this parameter, the command displays only the key IDs of the authentication keys that are present in the system's internal key table. If you specify "no" for this parameter, the command displays only the key IDs of the authentication keys that are not present in the system's internal key table.
[-count <integer>] - AK/Key ID Pair Count
This parameter specifies the key ID/AK pair count stored in the key management servers. If you specify this parameter, the command displays only the key IDs retrieved from the key management servers with the specified number of key ID/AK pairs.
[-key-manager-server-status {available|not-responding|unknown}] - Key Manager Status
This parameter specifies the connectivity status of the key management server. If you specify this parameter, the command displays only the key IDs retrieved from the key management servers with the specified status.

Examples

cluster1::> security key-manager query
  (security key-manager query)

        Node: cluster1
 Key Manager: 10.233.1.198
       Count: 2

Key Tag                 Key ID                                                            Restored
----------------------  ----------------------------------------------------------------  --------
cluster1                F1CB30AFF1CB30B00101000000000000A68B167F92DD54196297159B5968923C  yes
cluster2                F1CB30AFF1CB30B00101000000000000CF0EFD81EA9F6324EA97B369351C56AC  yes


        Node: cluster2
 Key Manager: 10.233.1.198
       Count: 2

Key Tag                 Key ID                                                            Restored
----------------------  ----------------------------------------------------------------  --------
cluster2                F1CB30AFF1CB30B00101000000000000A68B167F92DD54196297159B5968923C  yes
cluster1                F1CB30AFF1CB30B00101000000000000CF0EFD81EA9F6324EA97B369351C56AC  yes

cluster1::> security key-manager query -address 10.233.1.198 -node cluster1 -key-tag cluster1
  (security key-manager query)

        Node: cluster1
 Key Manager: 10.233.1.198
       Count: 1

Key Tag                 Key ID                                                            Restored
----------------------  ----------------------------------------------------------------  --------
cluster1                F1CB30AFF1CB30B00101000000000000CF0EFD81EA9F6324EA97B369351C56AC  yes
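
The following Python parser is an added example, not part of the original command reference. It reads output in the layout shown above and reports key IDs whose Restored column is "no" (candidates for security key-manager restore) and blocks whose Count differs from the number of rows listed. The sample output, node names, address and key IDs are constructed; treating Count as equal to the number of rows is an assumption taken from the examples above.

```python
import re
# Constructed sample in the layout of the examples above; the node names,
# address and key IDs are made up for this illustration.
SAMPLE = """\
        Node: node-a
 Key Manager: 192.0.2.10
       Count: 2

Key Tag                 Key ID                                                            Restored
----------------------  ----------------------------------------------------------------  --------
node-a                  {k1}  yes
node-b                  {k2}  no

        Node: node-b
 Key Manager: 192.0.2.10
       Count: 2

Key Tag                 Key ID                                                            Restored
----------------------  ----------------------------------------------------------------  --------
node-b                  {k2}  yes
""".format(k1="A1" * 32, k2="B2" * 32)

HEADER = re.compile(r"^\s*(Node|Key Manager|Count):\s*(\S+)\s*$")
ROW = re.compile(r"^(\S+)\s+([0-9A-Fa-f]{64})\s+(yes|no)\s*$")

def parse_query(text):
    """Return one dict per Node / Key Manager block, with its key rows."""
    blocks = []
    for line in text.splitlines():
        h = HEADER.match(line)
        if h and h.group(1) == "Node":
            blocks.append({"node": h.group(2), "server": None, "count": None, "keys": []})
        elif h and blocks:
            field = "server" if h.group(1) == "Key Manager" else "count"
            blocks[-1][field] = int(h.group(2)) if field == "count" else h.group(2)
        elif blocks and (r := ROW.match(line)):
            blocks[-1]["keys"].append(
                {"tag": r.group(1), "key_id": r.group(2), "restored": r.group(3) == "yes"})
    return blocks

def findings(blocks):
    """Flag keys absent from a node's key table, and (assumption: Count equals
    the number of rows, as in the page's examples) Count/row mismatches."""
    out = []
    for b in blocks:
        out += [(b["node"], b["server"], "not-restored", k["key_id"])
                for k in b["keys"] if not k["restored"]]
        if b["count"] is not None and b["count"] != len(b["keys"]):
            out.append((b["node"], b["server"], "count-mismatch",
                        f"{b['count']} != {len(b['keys'])}"))
    return out
```

Calling findings(parse_query(text)) on captured output returns one tuple per issue: node, key management server, finding type and detail.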