security key-manager onboard enable

Contributors

Enable the Onboard Key Manager

Availability: This command is available to cluster administrators at the admin privilege level.

Description

This command enables the Onboard Key Manager for the admin Vserver.

Parameters

[-cc-mode-enabled {yes|no}] - Enable Common Criteria Mode?

Use this parameter to specify whether the Common Critieria (CC) mode should be enabled or not. When CC mode is enabled, you are required to provide a cluster passphrase that is between 64 and 256 ASCII character long, and you are required to enter that passphrase each time a node reboots. CC mode cannot be enabled in a MetroCluster configuration.

[-are-unencrypted-metadata-volumes-allowed-in-cc-mode {yes|no}] - Are Unencrypted Metadata Volumes Allowed in Common Criteria Mode

If Common Criteria (CC) mode is enabled this parameter allows unencrypted metadata volumes to exist. These metadata volumes are created internally during normal operation. Examples are volumes created during SnapMirror and Vserver migrate operations. the default value is no .

Examples

The following example enables the Onboard Key Manager for the admin Vserver cluster-1:

cluster-1::> security key-manager onboard enable

Enter the cluster-wide passphrase for the Onboard Key Manager:

Re-enter the cluster-wide passphrase:

After configuring the Onboard Key Manager, save the encrypted configuration data in a safe location so that you can use it if you need to perform a manual recovery operation. To view the data, use the "security key-manager onboard show-backup" command.