Skip to main content

Learn about configuring external key management with ONTAP NetApp Volume Encryption

Contributors netapp-bhouser netapp-barbe netapp-aaron-holt netapp-ahibbard netapp-aherbin
PDFs

You can use one or more external key management servers to secure the keys that the cluster uses to access encrypted data. An external key management server is a third-party system in your storage environment that serves keys to nodes using the Key Management Interoperability Protocol (KMIP). In addition to the Onboard Key Manager, ONTAP supports several external key management servers.

Beginning with ONTAP 9.10.1, you can use xref:manage-keys-azure-google-task.html[Azure Key Vault or Google Cloud Key Manager Service] to protect your NVE keys for data SVMs. Beginning with ONTAP 9.11.1, you can configure multiple external key managers in a cluster. See xref:configure-cluster-key-server-task.html[Configure clustered key servers]. Beginning with ONTAP 9.12.0, you can use link:https://docs.aws.amazon.com/kms/latest/developerguide/overview.html[AWS' KMS^] to protect your NVE keys for data SVMs. Beginning with ONTAP 9.17.1, you can use OpenStack's xref:manage-keys-barbican-task.html[Barbican KMS] to protect your NVE keys for data SVMs.