Skip to main content

security key-manager external show

Contributors
Suggest changes

Show the set of configured external key management servers.

Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

Description

This command displays the external key management servers configured on the cluster for a given Vserver. No entries are displayed when external key management is not enabled for the given Vserver. This command displays the primary external key management servers, along with any associated secondary key servers, configured on the cluster for a given Vserver.

Parameters

{ [-fields <fieldname>,…​]

If you specify the -fields <fieldname>, …​ parameter, the command output also includes the specified field or fields. You can use '-fields ?' to display the fields to specify.

| [-instance ] }

If you specify the -instance parameter, the command displays detailed information about all fields.

[-vserver <vserver name>] - Vserver Name

If you specify this parameter, then the command displays only the key management servers for the given Vserver.

[-key-server <text>] - Key Server Name with port

If you specify this parameter, then the command displays only the key management servers with the given primary key server host name or IP address listening on the given port.

[-client-cert <text>] - Name of the Client Certificate

If you specify this parameter, then the command displays only the key management servers using a client certificate with the given name.

[-server-ca-certs <text>,…​] - Names of the Server CA Certificates

If you specify this parameter, then the command displays only the key management servers using server-ca certificates with the given names.

[-timeout <integer>] - Server I/O Timeout

If you specify this parameter, then the command displays only the key management servers using the given I/O timeout.

[-username <text>] - Authentication User Name

If you specify this parameter, then the command displays only the key management servers using the given authentication username.

[-policy <text>] - Security Policy

If you specify this parameter, then the command displays only the key management servers using the given key manager policy.

[-secondary-key-servers <text>,…​] - Secondary Key Servers

If you specify this parameter, then the command displays only the key management servers with the given secondary key servers.

[-create-remove-timeout <integer>] - Key Server Timeout for Create and Remove

If you specify this parameter, then the command displays only the key management servers using the given create-remove I/O timeout.

[-enabled {true|false}] - Is Configuration Enabled?

If you specify this parameter, then the command displays only the key management servers that are enabled.

Examples

The following example lists all configured key management servers for all Vservers:

cluster-1::> security key-manager external show
Vserver: datavs
       Client Certificate: datavsClientCert
   Server CA Certificates: datavsServerCaCert1, datavsServerCaCert2
          Security Policy: IBM_Key_Lore
                  Enabled: true

Primary Key Server
 ----------------------------------------------------------------------
keyserver.datavs.com:5696
Vserver: cluster-1
       Client Certificate: AdminClientCert
   Server CA Certificates: AdminServerCaCert
          Security Policy:
                  Enabled: true
Primary Key Server
 ----------------------------------------------------------------------
10.0.0.10:1234
    Secondary Servers: ks1.local, ks2.local
fd20:8b1e:b255:814e:32bd:f35c:832c:5a09:1234
ks1.local:1234
4 entries were displayed.

The following example lists all configured key management servers with more detail, including timeouts and usernames:

cluster-1::> security key-manager external show -instance
Vserver: datavs
       Client Certificate: datavsClientCert
   Server CA Certificates: datavsServerCaCert1, datavsServerCaCert2
       Primary Key Server: keyserver.datavs.com:5696
                  Timeout: 25
                 Username: datavsuser
          Security Policy: IBM_Key_Lore
                  Enabled: true
    Secondary Key Servers:
Vserver: cluster-1
       Client Certificate: AdminClientCert
   Server CA Certificates: AdminServerCaCert
       Primary Key Server: 10.0.0.10:1234
                  Timeout: 25
                 Username:
          Security Policy:
                  Enabled: true
    Secondary Key Servers: ks1.local, ks2.local
Vserver: cluster-1
       Client Certificate: AdminClientCert
   Server CA Certificates: AdminServerCaCert
       Primary Key Server: fd20:8b1e:b255:814e:32bd:f35c:832c:5a09:1234
                  Timeout: 25
                 Username:
          Security Policy:
                  Enabled: true
    Secondary Key Servers:
Vserver: cluster-1
       Client Certificate: AdminClientCert
   Server CA Certificates: AdminServerCaCert
       Primary Key Server: ks1.local:1234
                  Timeout: 45
                 Username:
          Security Policy:
                  Enabled: true
    Secondary Key Servers:
4 entries were displayed.