Create storage array security key
The create storageArray securityKey
command creates or changes a new security key for a storage array that has full disk encryption (FDE) drives.
Supported Arrays
If external key management is enabled, then this command applies only to the E4000, E2800, E5700,EF600, and EF300 arrays. If internal key management is enabled, then the command applies to any individual storage array, as long as all SMcli packages are installed.
Roles
To execute this command on an E4000, E2800, E5700, EF600, or EF300 storage array, you must have the Security Admin role.
Context
For internal key management, this command enables the Internal Key Management feature and creates the security key. After creating the key, use the set storageArray securityKey
command to put the key into use. This command can also be used to change the security key.
For external key management, this command creates a different key to replace the key initially created when you enabled the feature. Use the enable storageArray externalKeyManagement
command to enable the External Key Management feature and create the initial security key. This command can also be used to change the security key.
Syntax
create storageArray securityKey
[keyIdentifier="keyIdentifierString"]
passPhrase="passPhraseString"
file="fileName"
[commitSecurityKey=(TRUE | FALSE)]
Parameters
Parameter | Description | ||
---|---|---|---|
|
A character string that you can read that is a wrapper around a security key. Enclose the key identifier in double quotation marks (" "). You can enter characters for the key identifier for internal security keys to help you identify the key later. These are the formatting rules:
Additional characters are automatically generated and appended to the end of the string that you enter for the key identifier. If you do not enter any string for the
|
||
|
A character string that encrypts the security key so that you can store the security key in an external file. Enclose the pass phrase in double quotation marks (" "). For information about the correct form for creating a valid pass phrase, refer to the Notes in this command description. Your pass phrase must meet these criteria:
|
||
|
The file path and the file name to which you want to save the security key. For example: file="C:\Program Files\CLI\sup\drivesecurity.slk"
Enclose the file path and name in double quotation marks (" "). |
||
|
This parameter commits the security key to the storage array for all FDE drives as well as the controllers. After the security key is committed, a key is required to access data on Security Enabled drives in the storage array. The data can only be read or changed by using a key, and the drive can never be used in a non-secure mode without rendering the data useless or totally erasing the drive. The default value is FALSE. If this parameter is set to FALSE, send a separate |
Minimum firmware level
7.40, introduced for internal key management
8.40, introduced for external key management