Switch from external key management to ONTAP onboard key management
To switch to onboard key management, delete the external key management configuration before you enable onboard key management.
- For hardware-based encryption, you must reset the data keys of all FIPS drives or SEDs to the default value.
- You must have deleted all external key manager connections.
- You must be a cluster administrator to perform this task.
The steps to transition your key management depend on the version of ONTAP you are using.
- Change to the advanced privilege level:
  set -privilege advanced
- Use the command:
  security key-manager external disable -vserver admin_SVM
  In a MetroCluster environment, you must repeat the command on both clusters for the admin SVM.
Learn more about security key-manager external disable in the ONTAP command reference.
Use the command:
security key-manager delete-kmip-config
Learn more about security key-manager delete-kmip-config in the ONTAP command reference.