Skip to main content

Change the ONTAP onboard key management passphrase

Contributors netapp-barbe netapp-aaron-holt netapp-bhouser netapp-ahibbard netapp-forry netapp-thomi netapp-aherbin
PDFs

Change the onboard key management passphrase regularly. Store the new passphrase in a secure location outside the storage system.

Before you begin

  • You must be a cluster or SVM administrator to perform this task.

  • Advanced privileges are required for this task.

  • If you are administering an ONTAP MetroCluster environment, you must update the passphrase on both clusters

Steps

  1. Change to advanced privilege level:

    set -privilege advanced

  2. Change the onboard key management passphrase:

    For this ONTAP version…​

    Use this command…​

    ONTAP 9.6 and later

    security key-manager onboard update-passphrase

    ONTAP 9.5 and earlier

    security key-manager update-passphrase

  3. Enter a passphrase between 32 and 256 characters, or for “cc-mode”, a passphrase between 64 and 256 characters.

    If the specified “cc-mode” passphrase is less than 64 characters, there is a five-second delay before the key manager setup operation displays the passphrase prompt again.

  4. At the passphrase confirmation prompt, reenter the passphrase.

After you finish

You should copy the onboard key management passphrase to a secure location outside the storage system for future use.

You should back up key management information manually whenever you change the onboard key management passphrase.

Related information