(DEPRECATED)-Display encryption key IDs stored in onboard key manager
Availability: This command is available to cluster administrators at the admin privilege level.
Description
This command displays the key IDs of the authentication keys
(NSE-AK) and SVM keys (SVM-KEK) that are available in onboard key
management. This command is not supported for an external key management
configuration.
Parameters
- { [-fields <fieldname>, ...]
- If you specify the -fields <fieldname>, ... parameter, the command output also includes the specified field or fields. You can use '-fields ?' to display the fields to specify.
- | [-detail ]
- If this parameter is specified, the command displays
additional details about the key IDs.
- | [-instance ]}
- If you specify the -instance parameter, the command displays detailed information about all fields.
- [-node {<nodename>|local}] - Node
- If this parameter is specified, the command displays
information only about key IDs that are located on the specified
storage system.
- [-key-store <Key Store>] - Key Store
- If this parameter is specified, the command displays
information only about key IDs that are managed by the specified
key management. For example, use onboard for
onboard key management.
- [-key-id <text>] - Key Identifier
- If this parameter is specified, the command displays
information only about the specified key IDs.
- [-key-tag <text>] - Key Tag
- If this parameter is specified, the command displays
information only about key IDs that have the specified key tags.
- [-key-location <text>] - Key Location
- If this parameter is specified, the command displays
information only about key IDs that are located on the specified
key location. For example, use local-cluster
for onboard key management.
- [-used-by <Key Usage Type>] - Used By
- If this parameter is specified, the command displays
information only about key IDs that are associated with the
specified application usage of the keys. For example, "NSE-AK"
would display key IDs only for NSE drives.
- [-restored {yes|no}] - Restored
- If this parameter is specified, the command displays
information only about key IDs that have the specified value of
restored keys. If restored is yes, then the
corresponding key is available (normal). If restored is
no, use the
security key-manager setup command to restore
the key. See the man page for
security key-manager setup for details.
Examples
The following example shows all keys stored in the onboard key
manager:
cluster-1::> security key-manager key show
Node: node1
Key Store: onboard
Used By
--------
NSE-AK
Key ID: 000000000000000002000000000001001bc4c708e2a89a312e14b6ce6d4d49d40000000000000000
NSE-AK
Key ID: 000000000000000002000000000001005e89099721f8817e65e3aeb68be1bfca0000000000000000
SVM-KEK
Key ID: 00000000000000000200000000000a0046df92864d4cece662b93beb7f5366100000000000000000
Node: node2
Key Store: onboard
Used By
--------
NSE-AK
Key ID: 000000000000000002000000000001001bc4c708e2a89a312e14b6ce6d4d49d40000000000000000
NSE-AK
Key ID: 000000000000000002000000000001005e89099721f8817e65e3aeb68be1bfca0000000000000000
SVM-KEK
Key ID: 00000000000000000200000000000a0046df92864d4cece662b93beb7f5366100000000000000000
6 entries were displayed.
The following example shows a detailed view of all keys stored in
the onboard key manager:
cluster-1::> security key-manager key show -detail
Node: node1
Key Store: onboard
Key ID Key Tag Used By Stored In Restored
------ --------------- ---------- ------------------------------------ --------
000000000000000002000000000001001bc4c708e2a89a312e14b6ce6d4d49d40000000000000000
- NSE-AK local-cluster yes
000000000000000002000000000001005e89099721f8817e65e3aeb68be1bfca0000000000000000
- NSE-AK local-cluster yes
00000000000000000200000000000a0046df92864d4cece662b93beb7f5366100000000000000000
- SVM-KEK local-cluster yes
Node: node2
Key Store: onboard
Key ID Key Tag Used By Stored In Restored
------ --------------- ---------- ------------------------------------ --------
000000000000000002000000000001001bc4c708e2a89a312e14b6ce6d4d49d40000000000000000
- NSE-AK local-cluster yes
000000000000000002000000000001005e89099721f8817e65e3aeb68be1bfca0000000000000000
- NSE-AK local-cluster yes
00000000000000000200000000000a0046df92864d4cece662b93beb7f5366100000000000000000
- SVM-KEK local-cluster yes
6 entries were displayed.