security key-manager external azure enable

Contributors

Enable Azure Key Vault

Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

Description

This command enables the Azure Key Vault (AKV) associated with the given Vserver. An Azure application and AKV must be deployed on the Azure portal prior to running this command. This command is not supported for the admin Vserver, or if a key manager for the given data Vserver is already enabled. This command is also not supported in a MetroCluster environment.

Note This command is only available to the Azure NetApp Files Cloud Volume Services.

Parameters

-vserver <Vserver Name> - Vserver

Use this parameter to specify the Vserver on which the AKV is to be enabled.

-client-id <text> - Application (Client) ID of Deployed Azure Application

Use this parameter to specify the client (application) ID of the deployed Azure application.

-tenant-id <text> - Directory (Tenant) ID of Deployed Azure Application

Use this parameter to specify the tenant (directory) ID of the deployed Azure application.

-name {(ftp|http)://(hostname|IPv4 Address|'['IPv6 Address']')…​} - Deployed Azure Key Vault DNS Name

Use this parameter to specify the DNS name of the deployed AKV.

-key-id {(ftp|http)://(hostname|IPv4 Address|'['IPv6 Address']')…​} - Key Identifier of AKV Key Encryption Key

Use this parameter to specify the key identifier of the AKV Key Encryption Key (KEK).

Examples

The following example enables the AKV for Vserver v1. An Azure application with client-id "4a0f9c98-c5aa-4275-abe3-2780cf2801c3", tenant-id "8e21f23a-10b9-46fb-9d50-720ef604be98", client secret "abcdef" and an AKV with DNS name "https://akv-keyvault.vault.azure.net" is deployed on the Azure portal. An AKV KEK with DNS name "https://akv-keyvault.vault.azure.net/keys/key1/a8e619fd8f234db3b0b95c59540e2a74" is created on the Azure portal for the AKV.

cluster-1::>security key-manager external azure enable -client-id 4a0f9c98-c5aa-4275-abe3-2780cf2801c3 -tenant-id 8e21f23a-10b9-46fb-9d50-720ef604be98 -name https://akv-keyvault.vault.azure.net -key-id https://akv-keyvault.vault.azure.net/keys/key1/a8e619fd8f234db3b0b95c59540e2a74 -vserver v1

Enter the client secret for Azure Key Vault:

Re-enter the client secret for Azure Key Vault: