Skip to main content

security key-manager config modify

Contributors
Suggest changes

Modify key management configuration options

Availability: This command is available to cluster administrators at the advanced privilege level.

Description

This command modifies the key management configuration options.

Parameters

[-cc-mode-enabled {true|false}] - Enable Common Criteria Mode (privilege: advanced)

This parameter modifies the configuration state of the Onboard Key Manager (OKM) Common Criteria (CC) mode. CC mode enforces some of the policies required by the Common Criteria "Collaborative Protection Profile for Full Drive Encryption-Authorization Acquisition" (FDE-AA cPP) and "Collaborative Protection Profile for Full Drive Encryption-Encryption Engine" documents.

[-health-monitor-polling-interval <integer>] - Health Monitor Polling Period (in minutes) (privilege: advanced)

This parameter modifies the the polling interval of the keyserver health monitor at the cluster level.

[-cloud-kms-retry-count <integer>] - Cloud KMS connection retry count (privilege: advanced)

This parameter modifies the the cloud keymanager connection retry count at the cluster level.

[-are-unencrypted-metadata-volumes-allowed-in-cc-mode {true|false}] - Are Unencrypted Metadata Volumes Allowed in Common Criteria Mode (privilege: advanced)

If Common Criteria (CC) mode is enabled this parameter allows unencrypted metadata volumes to exist. These metadata volumes are created internally during normal operation. Examples are volumes created during SnapMirror and Vserver migrate operations. The default value is false .

Examples

The following command enables Common Criterial mode in the cluster:

cluster-1::*> security key-manager config modify -cc-mode-enabled true

The following command modifies the keyserver health monitor polling interval to be 30 minutes:

cluster-1::*> security key-manager config modify -health-monitor-polling-interval 30

The following command modifies the cloud keymanager connection retry count to 3:

cluster-1::*> security key-manager config modify -cloud-kms-retry-count 3