Encrypt stored data using software-based encryption

Contributors netapp-aherbin netapp-thomi netapp-gregb Download PDF of this topic

Use volume encryption to ensure that volume data cannot be read if the underlying device is repurposed, returned, misplaced, or stolen. Volume encryption does not require special disks; it works with all HDDs and SSDs.

Volume encryption requires a key manager. You can configure the Onboard Key Manager using ONTAP System Manager. You can
also use an external key manager, but you need to first set it up using the ONTAP CLI.

After the key manager is configured, new volumes are encrypted by default.

  1. Click Cluster > Settings.

  2. Under Encryption, click Gear icon to configure the Onboard Key Manager for the first time.

  3. To encrypt existing volumes, click Storage > Volumes.

  4. On the desired volume, click Menu icon and then click Edit.

  5. Select Enable encryption.