Manage authentication using KMIP servers

Contributors netapp-pcarriga

With ONTAP 9.5 and later, you can use Key Management Interoperability Protocol (KMIP) servers to manage authentication keys.

Steps
  1. Add a new controller:

    security key-manager setup -node new_controller_name

  2. Add the key manager:

    security key-manager -add key_management_server_ip_address

  3. Verify that the key management servers are configured and available to all nodes in the cluster:

    security key-manager show -status

  4. Restore the authentication keys from all linked key management servers to the new node:

    security key-manager restore -node new_controller_name

  5. Rekey all self-encrypting disks with the new authentication key:

    storage encryption disk modify -disk * [-data-key-id nonMSID AK]

  6. If you use the Federal Information Processing Standard (FIPS), rekey all self-encrypting disks with the new authentication key:

    storage encryption disk modify -disk * [-fips-key-id nonMSID AK]