Get an IP address of an external key management server for Storage Encryption

After upgrading, you must immediately configure Storage Encryption and establish a cluster-wide authentication key to replace the previous node-level authentication keys.

  1. Install the client and server Secure Sockets Layer (SSL) certificates required to communicate with the key management servers:

    security certificate install

  2. Configure Storage Encryption on all nodes by using the following command on each node:

    security key-manager setup

  3. Add the IP address for each key management server:

    security key-manager add

  4. Verify that the same key management servers are configured and available on all nodes in the cluster:

    security key-manager show -status

  5. Create a new cluster-wide authentication key:

    security key-manager create-key

  6. Make a note of the new authentication key ID.

  7. Rekey all self-encrypting drives with the new authentication key:

    storage encryption disk modify -disk * -data-key-id authentication_key_id
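
The check in step 4 can be scripted before you create and distribute the new key. The following Python sketch is an added example, not part of the original procedure or of NetApp's tooling. It parses saved `security key-manager show -status` output and reports any node that is missing a key management server or sees one that is not available. The sample output, its column layout, the status strings, and the function names are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of `security key-manager show -status` output.
# The column layout (Node, Port, Registered Key Manager, Status) is an
# assumption; adjust ROW if your ONTAP release prints something different.
SAMPLE = """\
Node            Port  Registered Key Manager  Status
--------------  ----  ----------------------  ---------------
node1           5696  192.0.2.10              available
node1           5696  192.0.2.11              available
node2           5696  192.0.2.10              available
node2           5696  192.0.2.11              not responding
node3           5696  192.0.2.10              available
"""

# node name, numeric port, server address, free-text status
ROW = re.compile(r"^(\S+)\s+(\d+)\s+(\S+)\s+(.+?)\s*$")

def parse_status(text):
    """Return {node: {server: status}} from the table rows."""
    nodes = defaultdict(dict)
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # header and separator rows have no numeric port, so they are skipped
            node, _port, server, status = m.groups()
            nodes[node][server] = status.lower()
    return dict(nodes)

def check_cluster(nodes):
    """List every deviation from 'same servers, all available, on all nodes'."""
    if not nodes:
        return ["no key management servers found in output"]
    problems = []
    # Union of every server seen on any node: each node must list all of them.
    expected = set().union(*(servers.keys() for servers in nodes.values()))
    for node in sorted(nodes):
        for server in sorted(expected.difference(nodes[node])):
            problems.append(f"{node}: {server} is not configured")
        for server, status in sorted(nodes[node].items()):
            if status != "available":
                problems.append(f"{node}: {server} is '{status}'")
    return problems

if __name__ == "__main__":
    for problem in check_cluster(parse_status(SAMPLE)):
        print("FAIL", problem)
```

An empty result means every node lists the same servers and all of them are available. Resolve any reported line before continuing with step 5, so that the new authentication key is stored on servers every node can reach.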