Use volume encryption to ensure that volume data cannot be read if the underlying device is repurposed, returned, misplaced, or stolen. Volume encryption does not require special disks; it works with all HDDs and SSDs.
Volume encryption requires a key manager. You can configure the Onboard Key Manager using ONTAP System Manager. You can
also use an external key manager, but you need to first set it up using the ONTAP CLI.
After the key manager is configured, new volumes are encrypted by default.
Click Cluster > Settings.
Under Encryption, click to configure the Onboard Key Manager for the first time.
To encrypt existing volumes, click Storage > Volumes.
On the desired volume, click and then click Edit.
Select Enable encryption.