Transition to external key management from onboard key management
If you want to switch to external key management from onboard key management, you must delete the onboard key management configuration before you can enable external key management.
Before you begin
- For hardware-based encryption, you must reset the data keys of all FIPS drives or SEDs to the default value.
- For software-based encryption, you must unencrypt all volumes.
- You must be a cluster administrator to perform this task.
Step
- Delete the onboard key management configuration for a cluster:

| For this ONTAP version… | Use this command… |
| --- | --- |
| ONTAP 9.6 and later | security key-manager onboard disable -vserver SVM |
| ONTAP 9.5 and earlier | security key-manager delete-key-database |

For complete command syntax, see the ONTAP command reference.