Transition to onboard key management from external key management
Suggest changes
-
PDF of this doc site
- Cluster administration
-
Volume administration
- Logical storage management with the CLI
-
NAS storage management
- Configure NFS with the CLI
- Manage NFS with the CLI
-
Manage SMB with the CLI
- Manage file access using SMB
- Security and data encryption
- Data protection and disaster recovery
Collection of separate PDF docs
Creating your file...
This may take a few minutes. Thanks for your patience.
Your file is ready
If you want to switch to onboard key management from external key management, you must delete the external key management configuration before you can enable onboard key management.
Before you begin
-
For hardware-based encryption, you must reset the data keys of all FIPS drives or SEDs to the default value.
-
You must have deleted all external key manager connections.
-
You must be a cluster administrator to perform this task.
Procedure
The steps to transition your key management depend on the version of ONTAP you are using.
ONTAP 9.6 and later
-
Change to the advanced privilege level:
set -privilege advanced
-
Use the command:
security key-manager external disable -vserver admin_SVM
In a MetroCluster environment, you must repeat the command on both clusters for the admin SVM.
ONTAP 9.5 and earlier
Use the command:
security key-manager delete-kmip-config