Manage authentication using KMIP servers

With ONTAP 9.5 and later, you can use Key Management Interoperability Protocol (KMIP) servers to manage authentication keys.

Steps
  1. Add a new controller:

    security key-manager setup -node <new_controller_name>

  2. Add the key manager:

    security key-manager -add <key_management_server_ip_address>

  3. Verify that the key management servers are configured and available to all nodes in the cluster:

    security key-manager show -status

  4. Restore the authentication keys from all linked key management servers to the new node:

    security key-manager restore -node <new_controller_name>

  5. Rekey all self-encrypting disks with the new authentication key:

    storage encryption disk modify -disk * [-data-key-id nonMSID AK]

  6. If you use the Federal Information Processing Standard (FIPS), rekey all self-encrypting disks with the new authentication key:

    storage encryption disk modify -disk * [-fips-key-id nonMSID AK]