security key-manager config modify

Contributors

Modify key management configuration options

Availability: This command is available to cluster administrators at the advanced privilege level.

Description

This command modifies the key management configuration options.

Parameters

[-cc-mode-enabled {true|false}] - Enable Common Criteria Mode

This parameter modifies the configuration state of the Onboard Key Manager (OKM) Common Criteria (CC) mode. CC mode enforces some of the policies required by the Common Criteria "Collaborative Protection Profile for Full Drive Encryption-Authorization Acquisition" (FDE-AA cPP) and "Collaborative Protection Profile for Full Drive Encryption-Encryption Engine" documents.

[-health-monitor-polling-interval <integer>] - Health Monitor Polling Period (in minutes)

This parameter modifies the the polling interval of the keyserver health monitor at the cluster level.

[-cloud-kms-retry-count <integer>] - Cloud KMS connection retry count

This parameter modifies the the cloud keymanager connection retry count at the cluster level.

Examples

The following command enables Common Criterial mode in the cluster:

cluster-1::*> security key-manager config modify -cc-mode-enabled true

The following command modifies the keyserver health monitor polling interval to be 30 minutes:

cluster-1::*> security key-manager config modify -health-monitor-polling-interval 30

The following command modifies the cloud keymanager connection retry count to 3:

cluster-1::*> security key-manager config modify -cloud-kms-retry-count 3