Skip to main content

Encrypt stored data using software-based encryption

Contributors netapp-thomi netapp-aherbin netapp-gregb netapp-ahibbard
PDFs

Use volume encryption to ensure that volume data cannot be read if the underlying device is repurposed, returned, misplaced, or stolen. Volume encryption does not require special disks; it works with all HDDs and SSDs.

About this task

This procedure applies to FAS, AFF, and current ASA systems. If you have an ASA r2 system (ASA A1K, ASA A70, or ASA A90), follow these steps to enable software level encryption. ASA r2 systems provide a simplified ONTAP experience specific to SAN-only customers.

Volume encryption requires a key manager. You can configure the Onboard Key Manager using System Manager. You can also use an external key manager, but you need to first set it up using the ONTAP CLI.

After the key manager is configured, new volumes are encrypted by default.

Steps

  1. Click Cluster > Settings.

  2. Under Encryption, click Actions icon to configure the Onboard Key Manager for the first time.

  3. To encrypt existing volumes, click Storage > Volumes.

  4. On the desired volume, click Menu options icon and then click Edit.

  5. Select Enable encryption.