Transitioning to onboard key management from external key management
If you want to switch to onboard key management from external key management, you must delete the external key management configuration before you can enable onboard key management.
Before you begin
For hardware-based encryption, you must reset the data keys of all FIPS drives or SEDs to the default value.
You must have deleted all external key manager connections.
You must be a cluster administrator to perform this task.
Delete the external key management configuration for a cluster:security key-manager delete-kmip-config
| For this ONTAP version... | Use this command... |
|---|---|
| ONTAP 9.6 and later | security key-manager external disable -vserver admin_SVM |
| ONTAP 9.5 and earlier | security key-manager delete-kmip-config |
Note
For complete command syntax, see the man pages. The ONTAP 9.6 version of the command requires advanced privilege level.
Example
The following ONTAP 9.6 commands delete the external key management configurations for cluster1 :
cluster1::> set -privilege advanced
cluster1::> security key-manager external disable
Give documentation feedback