security key-manager restore
Restore the authentication key and key ID pairs from the key management servers.
Availability: This command is available to cluster administrators at the admin privilege level.
Description
This command retrieves and restores any current unrestored keys associated with the storage controller from the specified key management servers. This command is not supported when onboard key management is enabled.
Parameters
{ [-fields <fieldname>,…]
If you specify the -fields <fieldname>, … parameter, the command output also includes the specified field or fields. You can use '-fields ?' to display the fields to specify.
| [-instance ] }
If you specify the -instance parameter, the command displays detailed information about all fields.
[-node {<nodename>|local}] - Node
This parameter specifies the name of the node that is to load the key IDs into its internal key table. If not specified, all nodes retrieve keys into their internal key table.
[-address <IP Address>] - IP Address
If this parameter is specified, the command restores only from the key management server at the specified IP address. If not specified, the command restores from all available key management servers.
[-key-tag <text>] - Key Tag
This parameter specifies the value associated with the key ID pair at the time of their creation. If specified, the command restores only key ID pairs associated with the specified key tag. If not specified, all key ID pairs for the cluster are retrieved.
[-key-ids <text>,…] - Authentication Key ID
If this parameter is specified, the command restores only the specified key IDs.
[-count <integer>] - AK/Key ID Pair Count
The value count is deprecated and may be removed in a future release of Data ONTAP. This parameter specifies the total number of keys stored in the key management servers. If this parameter is specified, then the command displays only the key IDs retrieved from the key management servers whose total key count matches the specified count number.
[-key-manager-server-status {available|not-responding|unknown}] - Command Error Code
This parameter specifies the connectivity status of the key management server. If you specify this parameter, the command displays only the key IDs retrieved from key management servers with the specified status.
Examples
The following command restores keys that are currently on a key server but are not stored within the key tables on the cluster:
cluster-1::> security key-manager restore

          Node: node1
   Key Manager: 10.0.0.10
 Server Status: available

Key IDs
-------------------------------------------------------
000000000000000002000000000001001d71f3b2468d7e16a6e6972d3e6645200000000000000000
000000000000000002000000000005004d03aca5b72cd20b2f83eae1531c605e0000000000000000

          Node: node2
   Key Manager: 10.0.0.10
 Server Status: available

Key IDs
-------------------------------------------------------
000000000000000002000000000001001d71f3b2468d7e16a6e6972d3e6645200000000000000000
000000000000000002000000000005004d03aca5b72cd20b2f83eae1531c605e0000000000000000
The following command loads any keys with key-tag "node1" that exist on the key server at IP address 10.0.0.10 and are not currently stored in the key tables of the nodes in the cluster. In this example, a key with that key-tag was missing from two nodes in the cluster:
cluster-1::> security key-manager restore -address 10.0.0.10 -key-tag node1

          Node: node1
   Key Manager: 10.0.0.10
 Server Status: available

Key IDs
-------------------------------------------------------
000000000000000002000000000001001d71f3b2468d7e16a6e6972d3e6645200000000000000000

          Node: node2
   Key Manager: 10.0.0.10
 Server Status: available

Key IDs
-------------------------------------------------------
000000000000000002000000000001001d71f3b2468d7e16a6e6972d3e6645200000000000000000
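The restore output shown above can be captured and turned into an audit record of which nodes had been missing which keys. The following Python parser is an added example, not part of the ONTAP documentation. The function names, the constructed key IDs, and the 10.0.0.11 server are assumptions, as is the layout of a block for a server that is not responding.

```python
import re
from collections import defaultdict

# Constructed sample in this page's output layout; key IDs and 10.0.0.11 are made up.
KEY_A, KEY_B = "0a" * 40, "0b" * 40
SAMPLE = f"""cluster-1::> security key-manager restore
          Node: node1
   Key Manager: 10.0.0.10
 Server Status: available
Key IDs
-------------------------------------------------------
{KEY_A}
{KEY_B}
          Node: node2
   Key Manager: 10.0.0.10
 Server Status: available
Key IDs
-------------------------------------------------------
{KEY_A}
          Node: node2
   Key Manager: 10.0.0.11
 Server Status: not-responding
"""
HEADER = re.compile(r"^\s*(Node|Key Manager|Server Status):\s*(\S+)\s*$")
KEY_ID = re.compile(r"^\s*([0-9a-fA-F]{32,})\s*$")

def parse_restore_output(text):
    """Return one record per Node/Key Manager block in the command output."""
    records, cur = [], None
    for line in text.splitlines():
        if m := HEADER.match(line):
            field, value = m.groups()
            if field == "Node":  # a Node line opens a new block
                cur = {"node": value, "server": None, "status": None, "key_ids": []}
                records.append(cur)
            elif cur is not None:
                cur["server" if field == "Key Manager" else "status"] = value
        elif cur is not None and (k := KEY_ID.match(line)):
            cur["key_ids"].append(k.group(1).lower())
    return records

def summarize(records):
    """Return ({key_id: nodes that restored it}, [(node, server, status) not available])."""
    nodes = defaultdict(set)
    for r in records:
        for key_id in r["key_ids"]:
            nodes[key_id].add(r["node"])
    degraded = [(r["node"], r["server"], r["status"]) for r in records if r["status"] != "available"]
    return {k: sorted(v) for k, v in nodes.items()}, degraded
```

Because the command restores only keys that were not yet in a node's key table, a key ID that is absent from a node's block may already have been present on that node.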