security key-manager config modify
Modify key management configuration options
Availability: This command is available to cluster administrators at the advanced privilege level.
Description
This command modifies the key management configuration options.
Parameters
[-cc-mode-enabled {true|false}]
- Enable Common Criteria Mode (privilege: advanced)-
This parameter modifies the configuration state of the Onboard Key Manager (OKM) Common Criteria (CC) mode. CC mode enforces some of the policies required by the Common Criteria "Collaborative Protection Profile for Full Drive Encryption-Authorization Acquisition" (FDE-AA cPP) and "Collaborative Protection Profile for Full Drive Encryption-Encryption Engine" documents.
[-health-monitor-polling-interval <integer>]
- Health Monitor Polling Period (in minutes) (privilege: advanced)-
This parameter modifies the the polling interval of the keyserver health monitor at the cluster level.
[-cloud-kms-retry-count <integer>]
- Cloud KMS connection retry count (privilege: advanced)-
This parameter modifies the the cloud keymanager connection retry count at the cluster level.
[-are-unencrypted-metadata-volumes-allowed-in-cc-mode {true|false}]
- Are Unencrypted Metadata Volumes Allowed in Common Criteria Mode (privilege: advanced)-
If Common Criteria (CC) mode is enabled this parameter allows unencrypted metadata volumes to exist. These metadata volumes are created internally during normal operation. Examples are volumes created during SnapMirror and Vserver migrate operations. The default value is
false
.
Examples
The following command enables Common Criterial mode in the cluster:
cluster-1::*> security key-manager config modify -cc-mode-enabled true
The following command modifies the keyserver health monitor polling interval to be 30 minutes:
cluster-1::*> security key-manager config modify -health-monitor-polling-interval 30
The following command modifies the cloud keymanager connection retry count to 3:
cluster-1::*> security key-manager config modify -cloud-kms-retry-count 3