Transition to external key management from onboard key management
Suggest changes
-
PDF of this doc site
- Cluster administration
-
Volume administration
- Logical storage management with the CLI
-
NAS storage management
- Configure NFS with the CLI
- Manage NFS with the CLI
-
Manage SMB with the CLI
- Manage file access using SMB
- SAN storage management
- Security and data encryption
-
Data protection and disaster recovery
- Data protection with the CLI
Collection of separate PDF docs
Creating your file...
This may take a few minutes. Thanks for your patience.
Your file is ready
If you want to switch to external key management from onboard key management, you must delete the onboard key management configuration before you can enable external key management.
Before you begin
-
For hardware-based encryption, you must reset the data keys of all FIPS drives or SEDs to the default value.
-
For software-based encryption, you must unencrypt all volumes.
-
You must be a cluster administrator to perform this task.
Step
-
Delete the onboard key management configuration for a cluster:
For this ONTAP version…
Use this command…
ONTAP 9.6 and later
security key-manager onboard disable -vserver SVM
ONTAP 9.5 and earlier
security key-manager delete-key-database
For complete command syntax, see the ONTAP manual pages.