Skip to main content

Modify external key management server properties

Contributors netapp-aoife netapp-ahibbard netapp-thomi

Beginning with ONTAP 9.6, you can use the security key-manager external modify-server command to change the I/O timeout and user name of an external key management server.

Before you begin
  • You must be a cluster or SVM administrator to perform this task.

  • Advanced privileges are required for this task.

  • In a MetroCluster environment, you must repeat these steps on both clusters for the admin SVM.

Steps
  1. On the storage system, change to advanced privilege level:

    set -privilege advanced

  2. Modify external key manager server properties for the cluster:

    security key-manager external modify-server -vserver admin_SVM -key-server host_name|IP_address:port,…​ -timeout 1…​60 -username user_name

    Note

    The timeout value is expressed in seconds. If you modify the user name, you are prompted to enter a new password. If you run the command at the cluster login prompt, admin_SVM defaults to the admin SVM of the current cluster. You must be the cluster administrator to modify external key manager server properties.

    The following command changes the timeout value to 45 seconds for the cluster1 external key management server listening on the default port 5696:

    clusterl::> security key-manager external modify-server -vserver cluster1 -key-server ks1.local -timeout 45
  3. Modify external key manager server properties for an SVM (NVE only):

    security key-manager external modify-server -vserver SVM -key-server host_name|IP_address:port,…​ -timeout 1…​60 -username user_name

    Note

    The timeout value is expressed in seconds. If you modify the user name, you are prompted to enter a new password. If you run the command at the SVM login prompt, SVM defaults to the current SVM. You must be the cluster or SVM administrator to modify external key manager server properties.

    The following command changes the username and password of the svm1 external key management server listening on the default port 5696:

    svml::> security key-manager external modify-server -vserver svm11 -key-server ks1.local -username svm1user
    Enter the password:
    Reenter the password:
  4. Repeat the last step for any additional SVMs.