security key-manager external modify-server
Modify key server properties
Availability: This command is available to cluster and Vserver administrators at the admin privilege level.
Description
This command modifies configuration information for configured key management servers. When modifying a key management server from the external key manager associated with the admin Vserver, you must run the same command specifying the same set of parameters on the peer cluster. When modifying a key management server from a data Vserver, you can run the security key-manager external modify-server
command on the active cluster only as the command is replicated on the peer cluster. However, if the password associated with a key management server is modified, then you must run the security key-manager external modify-server
command specifying the same password on the peer cluster as the password is not replicated between clusters. This command is supported only when external key manager has been enabled for the given Vserver.
Parameters
-vserver <vserver name>
- Vserver Name-
Use this parameter to specify the Vserver on which to modify the key management server configuration.
-key-server <Hostname and Port>
- External Key Server-
Use this parameter to specify the primary key management server for which the command modifies the configuration.
[-secondary-key-servers <Remote InetAddress>,…]
- Secondary Key Servers-
Use this parameter to specify the secondary key management servers that will be members of the set of clustered key servers. When specifying a secondary key server, a port number cannot be associated with the secondary key server.
[-timeout <integer>]
- Key Server I/O Timeout (privilege: advanced)-
Use this parameter to specify the I/O timeout, in seconds, for the selected key management server.
[-username <text>]
- Authentication User Name (privilege: advanced)-
Use this parameter to specify the username with which ONTAP authenticates with the key management server.
[-create-remove-timeout <integer>]
- Key Server Timeout for Create and Remove-
Use this parameter to specify a shorter I/O timeout, in seconds, to be used for create and delete operations for the selected key management server.
Examples
The following example modifies the I/O timeout to 45 seconds for Vserver cluster-1, key server keyserver1.local:
cluster-1::> security key-manager external modify-server -vserver cluster-1 -key-server keyserver1.local -timeout 45
The following example modifies the username and passphrase used to authenticate with key server keyserver1.local:
cluster-1::> security key-manager external modify-server -vserver cluster-1 -key-server keyserver1.local -username ksuser Enter the password: Reenter the password:
The following example modifies the secondary key management servers secondarykeyserver1.local and secondarykeyserver2.local to be in a cluster configuration with the primary key management server keyserver1.local
cluster-1::> security key-manager external modify-server -vserver cluster-1 -key-server keyserver1.local -secondary-key-servers secondarykeyserver1.local,secondarykeyserver2.local