Transition to onboard key management from external key management
If you want to switch to onboard key management from external key management, you must delete the external key management configuration before you can enable onboard key management.
Before you begin
- For hardware-based encryption, you must reset the data keys of all FIPS drives or SEDs to the default value.
- You must have deleted all external key manager connections.
- You must be a cluster administrator to perform this task.
Procedure
The steps to transition your key management depend on the version of ONTAP you are using.
ONTAP 9.6 and later
- Change to the advanced privilege level:
  set -privilege advanced
- Use the command:
  security key-manager external disable -vserver admin_SVM
  In a MetroCluster environment, you must repeat the command on both clusters for the admin SVM.
ONTAP 9.5 and earlier
Use the command:
security key-manager delete-kmip-config