
Changing the onboard key management passphrase

It is a security best practice to change the onboard key management passphrase periodically. You should copy the new onboard key management passphrase to a secure location outside the storage system for future use.

Before you begin

  • You must be a cluster or SVM administrator to perform this task.

  • Advanced privileges are required for this task.

  1. Change to advanced privilege level: set -privilege advanced
  2. Change the onboard key management passphrase:
    For this ONTAP version...    Use this command...
    ONTAP 9.6 and later          security key-manager onboard update-passphrase
    ONTAP 9.5 and earlier        security key-manager update-passphrase

    For complete command syntax, see the man pages.

    Example

    The following ONTAP 9.6 command lets you change the onboard key management passphrase for cluster1:

    cluster1::> security key-manager onboard update-passphrase
    Warning: This command will reconfigure the cluster passphrase for onboard
    key management for Vserver "cluster1".
    Do you want to continue? {y|n}: y
    Enter current passphrase:
    Enter new passphrase:
  3. Enter y at the prompt to change the onboard key management passphrase.
  4. Enter the current passphrase at the current passphrase prompt.
  5. At the new passphrase prompt, enter a passphrase between 32 and 256 characters, or for cc-mode, a passphrase between 64 and 256 characters.

    Note
    If the specified cc-mode passphrase is less than 64 characters, there is a five-second delay before the key manager setup wizard displays the passphrase prompt again.
  6. At the passphrase confirmation prompt, reenter the passphrase.
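
An added example, not part of the original page or of NetApp's tooling: a Python helper that generates a new passphrase on an administrative workstation and checks it against the length limits in step 5 before it is entered at the prompt. The letters-and-digits alphabet, the function names, and the check against reusing the current passphrase are assumptions made here; the page itself states only the length limits.

```python
import secrets
import string

# Length limits as stated in step 5 of the procedure.
BOUNDS = {"standard": (32, 256), "cc-mode": (64, 256)}

# Assumption: ASCII letters and digits only, so the value can be typed or
# pasted at the hidden prompt on both clusters without quoting problems.
ALPHABET = string.ascii_letters + string.digits


def check_passphrase(passphrase, mode="standard", current=None):
    """Return a list of problems; an empty list means the candidate passes."""
    low, high = BOUNDS[mode]
    problems = []
    if len(passphrase) < low:
        problems.append(f"too short for {mode}: {len(passphrase)} < {low}")
    if len(passphrase) > high:
        problems.append(f"too long for {mode}: {len(passphrase)} > {high}")
    if passphrase != passphrase.strip():
        problems.append("leading or trailing whitespace, easily lost when copied")
    # Assumption (hygiene check, not an ONTAP rule stated on the page):
    # a rotation that reuses the current value achieves nothing.
    if current is not None and secrets.compare_digest(passphrase, current):
        problems.append("new passphrase is identical to the current one")
    return problems


def generate_passphrase(length=64, mode="standard"):
    """Generate a random passphrase of the given length from the OS CSPRNG."""
    low, high = BOUNDS[mode]
    if not low <= length <= high:
        raise ValueError(f"{mode} requires {low}..{high} characters, got {length}")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


if __name__ == "__main__":
    # 64 characters satisfies both the standard and the cc-mode limit.
    candidate = generate_passphrase(64, "cc-mode")
    assert check_passphrase(candidate, "cc-mode") == []
    # Print once so it can be stored in the external secure location.
    print(candidate)
```

Generating at 64 characters or more yields one value that satisfies either limit, which matters when the same passphrase must also be entered on a MetroCluster partner.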

After you finish

In a MetroCluster environment, you must update the passphrase on the partner cluster:

  • In ONTAP 9.5 and earlier, you must run security key-manager update-passphrase with the same passphrase on the partner cluster.

  • In ONTAP 9.6 and later, you are prompted to run security key-manager onboard sync with the same passphrase on the partner cluster.

You should copy the onboard key management passphrase to a secure location outside the storage system for future use.

You should back up key management information manually whenever you change the onboard key management passphrase.

Backing up onboard key management information manually