Assign a data authentication key to a FIPS drive or SED (onboard key management) with ONTAP
You can use the storage encryption disk modify command to assign a data authentication key to a FIPS drive or SED. Cluster nodes use this key to access data on the drive.
A self-encrypting drive is protected from unauthorized access only if its authentication key ID is set to a non-default value. The manufacturer secure ID (MSID), which has key ID 0x0, is the standard default value for SAS drives. For NVMe drives, the standard default value is a null key, represented as a blank key ID. When you assign the key ID to a self-encrypting drive, the system changes its authentication key ID to a non-default value.
You must be a cluster administrator to perform this task.
- Assign a data authentication key to a FIPS drive or SED:

    storage encryption disk modify -disk disk_ID -data-key-id key_ID

  Learn more about storage encryption disk modify in the ONTAP command reference.

  You can use the security key-manager key query -key-type NSE-AK command to view key IDs.

    cluster1::> storage encryption disk modify -disk 0.10.* -data-key-id <id_value>

    Info: Starting modify on 14 disks.
          View the status of the operation by using the
          storage encryption disk show-status command.

- Verify that the authentication keys have been assigned:

    storage encryption disk show

  Learn more about storage encryption disk show in the ONTAP command reference.

    cluster1::> storage encryption disk show
    Disk    Mode Data Key ID
    -----   ---- ----------------------------------------------------------------
    0.0.0   data <id_value>
    0.0.1   data <id_value>
    [...]
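
A check that can follow the verification step, as an added example that is not part of the NetApp documentation: it parses captured storage encryption disk show output and lists drives still at a default key ID (0x0, or blank for NVMe) or not on the key that was just assigned. The key ID and sample output are constructed, and the column layout is assumed to match the output shown above.

```python
import re

# Constructed key ID and output sample (not from a real cluster); the column
# layout is assumed to match the `storage encryption disk show` output above.
KEY = "6A1E21D80000000001000000000000005A1FB4EE8F62FD6D8AE6754C9019F35A"
SAMPLE_OUTPUT = f"""\
cluster1::> storage encryption disk show
Disk    Mode Data Key ID
-----   ---- ----------------------------------------------------------------
0.0.0   data {KEY}
0.0.1   data 0x0
0.0.2   data
0.0.3   data {KEY}
4 entries were displayed.
"""

# Default values named in the text: MSID (0x0) for SAS, blank (null key) for NVMe.
DEFAULT_KEY_IDS = {"0x0", ""}
DISK_NAME = re.compile(r"\d+\.\d+")  # e.g. 0.0.1; skips prompt, header, footer


def parse_disk_show(text):
    """Return {disk: (mode, key_id)}; key_id is '' when the column is blank."""
    disks = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or not DISK_NAME.search(fields[0]):
            continue
        disks[fields[0]] = (fields[1], fields[2] if len(fields) > 2 else "")
    return disks


def default_key_disks(text):
    """Drives whose authentication key ID is still a default value."""
    return sorted(d for d, (_, k) in parse_disk_show(text).items()
                  if k.lower() in DEFAULT_KEY_IDS)


def not_using_key(text, expected_key_id):
    """Drives that do not report the key ID that was just assigned."""
    return sorted(d for d, (_, k) in parse_disk_show(text).items()
                  if k.upper() != expected_key_id.upper())


if __name__ == "__main__":
    print("default key ID:", default_key_disks(SAMPLE_OUTPUT))
    print("not on expected key:", not_using_key(SAMPLE_OUTPUT, KEY))
```

An empty result from both functions means every listed drive reports the assigned, non-default key ID.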