Restore the key ID pairs from the key management servers.
Availability: This command is available to cluster administrators at the admin privilege level.
Description
This command retrieves and restores any current unrestored
keys associated with the storage controller from the specified key
management servers. This command is not supported when onboard key
management is enabled.
Parameters
- { [-fields <fieldname>, ...]
- If you specify the -fields <fieldname>, ... parameter, the command output also includes the specified field or fields. You can use '-fields ?' to display the fields to specify.
- | [-instance ]}
- If you specify the -instance parameter, the command displays detailed information about all fields.
- [-node {<nodename>|local}] - Node
- This parameter specifies the name of the node that
is to load the key IDs into its internal key table. If not specified,
all nodes retrieve keys into their internal key table.
- [-address <IP Address>] - IP Address
- If this parameter is specified, the command restores
only from the key management server at the specified IP address.
If not specified, the command restores from all available key
management servers.
- [-key-id <key id>] - Key ID
- If this parameter is specified, the command restores
only the specified key IDs.
- [-key-tag <text>] - Key Tag
- This parameter specifies the value associated with
the key ID pair at the time of its creation. If specified,
the command restores only key ID pairs associated with the specified key tag.
If not specified, all key ID pairs for the cluster are
retrieved.
- [-count <integer>] - (DEPRECATED)-Key Server's total Key Count
- The value count is deprecated and
may be removed in a future release of Data ONTAP. This parameter
specifies the total number of keys stored in the key management
servers. If this parameter is specified, then the command displays
only the key IDs retrieved from the key management servers whose
total key count matches the specified count number.
- [-key-manager-server-status {available|not-responding|unknown}] - Command Error Code
- This parameter specifies the connectivity status of
the key management server. If you specify this parameter, the
command displays only the key IDs retrieved from key management
servers with the specified status.
Examples
The following command restores keys that are currently on a key
server but are not stored within the key tables on the cluster:
cluster-1::> security key-manager restore
Node: node1
Key Manager: 10.0.0.10
Server Status: available
Key IDs
-------------------------------------------------------
000000000000000002000000000001001d71f3b2468d7e16a6e6972d3e6645200000000000000000
000000000000000002000000000005004d03aca5b72cd20b2f83eae1531c605e0000000000000000
Node: node2
Key Manager: 10.0.0.10
Server Status: available
Key IDs
-------------------------------------------------------
000000000000000002000000000001001d71f3b2468d7e16a6e6972d3e6645200000000000000000
000000000000000002000000000005004d03aca5b72cd20b2f83eae1531c605e0000000000000000
The following command loads any keys that exist on the key server at
IP address 10.0.0.10 with key-tag "node1" and that are not currently stored
in the key tables of the nodes in the cluster. In this example, a key
with that key-tag was missing from two nodes in the cluster:
cluster-1::> security key-manager restore -address 10.0.0.10 -key-tag node1
Node: node1
Key Manager: 10.0.0.10
Server Status: available
Key IDs
-------------------------------------------------------
000000000000000002000000000001001d71f3b2468d7e16a6e6972d3e6645200000000000000000
Node: node2
Key Manager: 10.0.0.10
Server Status: available
Key IDs
-------------------------------------------------------
000000000000000002000000000001001d71f3b2468d7e16a6e6972d3e6645200000000000000000
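Added example, not part of the original command reference: a Python parser for the output layout shown above that records which nodes loaded each restored key ID and lists any key server whose status was not "available". The function names, the 10.0.0.11 address and the key IDs in the sample are constructed for illustration, and the parser assumes the output keeps the layout shown in the examples.

```python
import re
from collections import defaultdict

KEY_ID = re.compile(r"^[0-9a-fA-F]{80}$")  # key IDs in the sample output are 80 hex characters
FIELDS = {"Key Manager": "server", "Server Status": "status"}

def parse_restore_output(text):
    """Split the command output into one record per Node / Key Manager block."""
    blocks, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        label, _, value = line.partition(":")  # first colon only, so IPv6 addresses stay intact
        if label == "Node":
            cur = {"node": value.strip(), "server": None, "status": None, "key_ids": []}
            blocks.append(cur)
        elif cur is None:
            continue  # prompt line or anything else before the first block
        elif label in FIELDS:
            cur[FIELDS[label]] = value.strip()
        elif KEY_ID.match(line):
            cur["key_ids"].append(line.lower())
    return blocks

def nodes_by_restored_key(blocks):
    """Map each restored key ID to the sorted list of nodes that loaded it."""
    nodes = defaultdict(set)
    for b in blocks:
        for kid in b["key_ids"]:
            nodes[kid].add(b["node"])
    return {kid: sorted(n) for kid, n in nodes.items()}

def servers_needing_attention(blocks):
    """Blocks whose key server was not 'available', so the restore may be incomplete."""
    return [(b["node"], b["server"], b["status"]) for b in blocks
            if b["status"] != "available"]

# Constructed sample in the layout shown above; key IDs and 10.0.0.11 are made up.
KEY_A = "0" * 16 + "0200000000000100" + "a" * 32 + "0" * 16
KEY_B = "0" * 16 + "0200000000000500" + "b" * 32 + "0" * 16
BLOCK = "Node: {}\nKey Manager: {}\nServer Status: {}\nKey IDs\n" + "-" * 55 + "\n{}"
SAMPLE = "cluster-1::> security key-manager restore\n" + "".join([
    BLOCK.format("node1", "10.0.0.10", "available", KEY_A + "\n" + KEY_B + "\n"),
    BLOCK.format("node2", "10.0.0.10", "available", KEY_A + "\n"),
    BLOCK.format("node2", "10.0.0.11", "not-responding", ""),
])

if __name__ == "__main__":
    parsed = parse_restore_output(SAMPLE)
    print(nodes_by_restored_key(parsed))
    print(servers_needing_attention(parsed))
```

Keeping the per-key node list with the change record shows which nodes had been missing a key before the restore; a non-empty attention list means the restore should be repeated once that server is reachable.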