Skip to main content
A newer release of this product is available.

security key-manager external gcp rekey-external

Contributors
Suggest changes

Rekey an external key of the Vserver

Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

Description

This command replaces the existing GCP key encryption key (KEK) and results in the key hierarchy being protected by the user specified GCP KEK. The GCP key ring in use by the GCP Portal should be updated to use the new KEK prior to running this command. Upon successful completion of this command, the internal keys for the given Vserver will be protected by the new GCP KEK.

Parameters

-vserver <Vserver Name> - Vserver

This parameter specifies the Vserver for which ONTAP should rekey the GCP KEK.

-key-name <text> - Google Cloud KMS Key Encryption Key Name

This parameter specifies the key name of the new GCP KEK that should be used by ONTAP for the provided Vserver.

[-project-id <text>] - Google Cloud KMS Project (Application) ID

This parameter specifies the new project ID of the new GCP KEK that should be used by ONTAP for the provided Vserver.

[-key-ring-name <text>] - Google Cloud KMS Key Ring Name

This parameter specifies the new key ring name of the new GCP KEK that should be used by ONTAP for the provided Vserver.

[-key-ring-location <text>] - Google Cloud KMS Key Ring Location

This parameter specifies the new key ring location of the new GCP KEK that should be used by ONTAP for the provided Vserver.

Examples

The following command rekeys GCP KEK for data Vserver v1 using a new key-name key1.

cluster-1::> security key-manager external gcp rekey-external -vserver v1 -key-name key1