Remove an external key manager connection
You can disconnect a KMIP server from a node when you no longer need the server. For example, you might disconnect a KMIP server when you are transitioning to volume encryption.
You must be a cluster or SVM administrator to perform this task.
When you disconnect a KMIP server from one node in an HA pair, the system automatically disconnects the server from all cluster nodes.
If you plan to continue using external key management after disconnecting a KMIP server, make sure another KMIP server is available to serve authentication keys.
Disconnect a KMIP server from the current node:
For this ONTAP version…
Use this command…
ONTAP 9.6 and later
security key-manager external remove-servers -vserver SVM -key-servers host_name|IP_address:port,…
ONTAP 9.5 and earlier
security key-manager delete -address key_management_server_ipaddress
For complete command syntax, see the man pages.
The following ONTAP 9.6 command disables the connections to two external key management servers for
cluster1, the first named
ks1, listening on the default port 5696, the second with the IP address 10.0.0.20, listening on port 24482:
clusterl::> security key-manager external remove-servers -vserver cluster-1 -key-servers ks1,10.0.0.20:24482