Deleting an external key manager connection
You can disconnect a KMIP server from a node when you no longer need the server. You might disconnect a KMIP server when you are transitioning to volume encryption, for example.
Before you begin
You must be a cluster or SVM administrator to perform this task.About this task
When you disconnect a KMIP server from one node in an HA pair, the system automatically disconnects the server from all cluster nodes.
Note
If you plan to continue using external key management after disconnecting a KMIP server, make sure another KMIP server is available to serve authentication keys.
Disconnect a KMIP server from the current node:
| For this ONTAP version... | Use this command... |
|---|---|
| ONTAP 9.6 and later | security key-manager external remove-servers -vserver SVM -key-servers host_name|IP_address:port,... |
| ONTAP 9.5 and earlier | security key-manager delete -address key_management_server_ipaddress |
For complete command syntax, see the man pages.
Example
The following ONTAP 9.6 command disables the connections to two external key management servers for cluster1 , the first named ks1 , listening on the default port 5696, the second with the IP address 10.0.0.20, listening on port 24482:
clusterl::> security key-manager external remove-servers -vserver cluster-1 -key-servers ks1,10.0.0.20:24482
Give documentation feedback