security key-manager restore

Restore the key ID pairs from the key management servers.

Availability: This command is available to cluster administrators at the admin privilege level.

Description

This command retrieves and restores any current unrestored keys associated with the storage controller from the specified key management servers. This command is not supported when onboard key management is enabled.

Parameters

{ [-fields <fieldname>, ...]
If you specify the -fields <fieldname>, ... parameter, the command output also includes the specified field or fields. You can use '-fields ?' to display the fields to specify.
| [-instance ]}
If you specify the -instance parameter, the command displays detailed information about all fields.
[-node {<nodename>|local}] - Node
This parameter specifies the name of the node that is to load the key IDs into its internal key table. If not specified, all nodes retrieve keys into their internal key table.
[-address <IP Address>] - IP Address
If this parameter is specified, the command restores only from the key management server at the specified IP address. If not specified, the command restores from all available key management servers.
[-key-id <key id>] - Key ID
If this parameter is specified, the command restores only the specified key IDs.
[-key-tag <text>] - Key Tag
This parameter specifies the value associated with the key ID pair at the time of its creation. If specified, the command restores only key ID pairs associated with the specified key tag. If not specified, all key ID pairs for the cluster are retrieved.
[-count <integer>] - (DEPRECATED)-Key Server's total Key Count
The value count is deprecated and may be removed in a future release of Data ONTAP. This parameter specifies the total number of keys stored in the key management servers. If this parameter is specified, then the command displays only the key IDs retrieved from the key management servers whose total key count matches the specified count number.
[-key-manager-server-status {available|not-responding|unknown}] - Command Error Code
This parameter specifies the connectivity status of the key management server. If you specify this parameter, the command displays only the key IDs retrieved from key management servers with the specified status.

Examples

The following command restores keys that are currently on a key server but are not stored within the key tables on the cluster:

cluster-1::> security key-manager restore

          Node: node1
   Key Manager: 10.0.0.10
 Server Status: available

Key IDs
-------------------------------------------------------
000000000000000002000000000001001d71f3b2468d7e16a6e6972d3e6645200000000000000000
000000000000000002000000000005004d03aca5b72cd20b2f83eae1531c605e0000000000000000


          Node: node2
   Key Manager: 10.0.0.10
 Server Status: available

Key IDs
-------------------------------------------------------
000000000000000002000000000001001d71f3b2468d7e16a6e6972d3e6645200000000000000000
000000000000000002000000000005004d03aca5b72cd20b2f83eae1531c605e0000000000000000
        

The following command loads any keys that exist on the key server with IP address 10.0.0.10 with key-tag "node1" that are not currently stored in the key tables of the nodes in the cluster. In this example, a key with that key-tag was missing from two nodes in the cluster:

cluster-1::> security key-manager restore -address 10.0.0.10 -key-tag node1

          Node: node1
   Key Manager: 10.0.0.10
 Server Status: available

Key IDs
-------------------------------------------------------
000000000000000002000000000001001d71f3b2468d7e16a6e6972d3e6645200000000000000000

          Node: node2
   Key Manager: 10.0.0.10
 Server Status: available

Key IDs
-------------------------------------------------------
000000000000000002000000000001001d71f3b2468d7e16a6e6972d3e6645200000000000000000
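
The following is an added example, not part of the original command reference or of ONTAP: a Python sketch that parses saved output in the layout shown above into a per-key record of which nodes restored it and from which servers, for a change log or post-restore review. The function names and the embedded sample are assumptions constructed for illustration; a key not listed for a node may simply have been in that node's key table already.

```python
import re

# Constructed sample in the layout of the examples above (node2 lists one key fewer).
SAMPLE = """\
          Node: node1
   Key Manager: 10.0.0.10
 Server Status: available

Key IDs
-------------------------------------------------------
000000000000000002000000000001001d71f3b2468d7e16a6e6972d3e6645200000000000000000
000000000000000002000000000005004d03aca5b72cd20b2f83eae1531c605e0000000000000000

          Node: node2
   Key Manager: 10.0.0.10
 Server Status: available

Key IDs
-------------------------------------------------------
000000000000000002000000000001001d71f3b2468d7e16a6e6972d3e6645200000000000000000
"""

FIELD = re.compile(r"^\s*(Node|Key Manager|Server Status):\s*(\S+)\s*$")
KEY_ID = re.compile(r"^\s*([0-9a-fA-F]{32,})\s*$")  # long hex string alone on a line

def parse_restore_output(text):
    """Return one record per Node block: node, server, status, key_ids."""
    blocks, cur = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m and m.group(1) == "Node":  # a Node line opens a new block
            cur = {"node": m.group(2), "server": None, "status": None, "key_ids": []}
            blocks.append(cur)
        elif m and cur is not None:
            cur["server" if m.group(1) == "Key Manager" else "status"] = m.group(2)
        elif cur is not None and (k := KEY_ID.match(line)):
            cur["key_ids"].append(k.group(1).lower())
    return blocks

def summarize(blocks):
    """Map each key ID to the nodes that listed it; collect non-available servers."""
    by_key, not_available = {}, []
    for b in blocks:
        if b["status"] != "available":
            not_available.append((b["node"], b["server"], b["status"]))
        for kid in b["key_ids"]:
            by_key.setdefault(kid, []).append(b["node"])
    return {k: sorted(set(v)) for k, v in by_key.items()}, not_available
```
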