Skip to main content
A newer release of this product is available.

security key-manager key show

Contributors
Suggest changes

Display Encryption Key IDs

Availability: This command is available to cluster administrators at the admin privilege level.

Description

This command displays the key IDs of the authentication keys (NSE-AK) and vserver keys (SVM-KEK) that are available in onboard key management. This command is not supported for an external key management configuration.

Parameters

{ [-fields <fieldname>,…​]

If you specify the -fields <fieldname>, …​ parameter, the command output also includes the specified field or fields. You can use '-fields ?' to display the fields to specify.

| [-detail ]

If this parameter is specified, the command displays additional details about the key IDs.

| [-instance ] }

If you specify the -instance parameter, the command displays detailed information about all fields.

[-node {<nodename>|local}] - Node

If this parameter is specified, the command displays information only about key IDs that are located on the specified storage system.

[-key-store <Key Store>] - Key Store

If this parameter is specified, the command displays information only about key IDs that are managed by the specified key management. For example, use onboard for onboard key management.

[-key-id <text>] - Key Identifier

If this parameter is specified, the command displays information only about the specified key IDs.

[-key-tag <text>] - Key Tag

If this parameter is specified, the command displays information only about key IDs that have the specified key tags.

[-key-location <text>] - Key Location

If this parameter is specified, the command displays information only about key IDs that are located on the specified key location. For example, use local-cluster for onboard key management.

[-used-by <Key Usage Type>] - Used By

If this parameter is specified, the command displays information only about key IDs that are associated with the specified application usage of the keys. For example, "NSE-AK" would display key IDs only for NSE drives.

[-restored {yes|no}] - Restored

If this parameter is specified, the command displays information only about key IDs that have the specified value of restored keys. If restored is yes , then the corresponding key is available (normal). If restored is no , use the security key-manager setup command to restore the key. See the man page for security key-manager setup for details.

Examples

The following example shows all keys stored in the onboard key manager:

cluster-1::> security key-manager key show

Node: node1
Key Store: onboard
Key ID                                                           Used By
---------------------------------------------------------------- --------
000000000000000002000000000001001BC4C708E2A89A312E14B6CE6D4D49D4 NSE-AK
000000000000000002000000000001005E89099721F8817E65E3AEB68BE1BFCA NSE-AK
00000000000000000200000000000A0046DF92864D4CECE662B93BEB7F536610 SVM-KEK

Node: node2
Key Store: onboard
Key ID                                                           Used By
---------------------------------------------------------------- --------
000000000000000002000000000001001BC4C708E2A89A312E14B6CE6D4D49D4 NSE-AK
000000000000000002000000000001005E89099721F8817E65E3AEB68BE1BFCA NSE-AK
00000000000000000200000000000A0046DF92864D4CECE662B93BEB7F536610 SVM-KEK
6 entries were displayed.

The following example shows a detailed view of all keys stored in the onboard key manager:

cluster-1::> security key-manager key show -detail

Node: node1
Key Store: onboard
Key ID Key Tag         Used By    Stored In                            Restored
------ --------------- ---------- ------------------------------------ --------
000000000000000002000000000001001BC4C708E2A89A312E14B6CE6D4D49D4
       -               NSE-AK     local-cluster                        yes
000000000000000002000000000001005E89099721F8817E65E3AEB68BE1BFCA
       -               NSE-AK     local-cluster                        yes
00000000000000000200000000000A0046DF92864D4CECE662B93BEB7F536610
       -               SVM-KEK    local-cluster                        yes

Node: node2
Key Store: onboard
Key ID Key Tag         Used By    Stored In                            Restored
------ --------------- ---------- ------------------------------------ --------
000000000000000002000000000001001BC4C708E2A89A312E14B6CE6D4D49D4
       -               NSE-AK     local-cluster                        yes
000000000000000002000000000001005E89099721F8817E65E3AEB68BE1BFCA
       -               NSE-AK     local-cluster                        yes
00000000000000000200000000000A0046DF92864D4CECE662B93BEB7F536610
       -               SVM-KEK    local-cluster                        yes
6 entries were displayed.