Create storage array security key
The create storageArray securityKey command creates or changes a new security key for a storage array that has full disk encryption (FDE) drives.
Supported Arrays
If external key management is enabled, then this command applies only to the DE2000H, DE4000H, DE4000F, DE6000H, and DE6000F arrays. If internal key management is enabled, then the command applies to any individual storage array, as long as all SMcli packages are installed.
Roles
To execute this command on an storage array, you must have the Security Admin role.
Context
For internal key management, this command enables the Internal Key Management feature and creates the security key. After creating the key, use the set storageArray securityKey command to put the key into use. This command can also be used to change the security key.
For external key management, this command creates a different key to replace the key initially created when you enabled the feature. Use the enable storageArray externalKeyManagement command to enable the External Key Management feature and create the initial security key. This command can also be used to change the security key.
Syntax
create storageArray securityKey
[keyIdentifier="<var id="GUID-D923ED5A-E76C-44F8-A57B-AB03C109467A__V1111120" className="keyword varname">keyIdentifierString</var>"]
passPhrase="<var id="GUID-D923ED5A-E76C-44F8-A57B-AB03C109467A__V1111121" className="keyword varname">passPhraseString</var>"
file="<var id="GUID-D923ED5A-E76C-44F8-A57B-AB03C109467A__V1111122" className="keyword varname">fileName</var>"
[commitSecurityKey=(TRUE | FALSE)]
Parameters
| Parameter | Description |
|---|---|
| keyIdentifier - only applicable for internal key management | A character string that you can read that is a wrapper around a security key. Enclose the key identifier in double quotation marks (" "). You can enter characters for the key identifier for internal security keys to help you identify the key later. These are the formatting rules:
Additional characters are automatically generated and appended to the end of the string that you enter for the key identifier. If you do not enter any string for the keyIdentifier parameter, the key identifier consists of only the characters that are automatically generated. Important This parameter is ignored for external key management, because the key identifier is completely automatically generated. If the storage array has a user label, this automatically generated string is composed of the characters |
| passPhrase | A character string that encrypts the security key so that you can store the security key in an external file. Enclose the pass phrase in double quotation marks (" "). For information about the correct form for creating a valid pass phrase, refer to the Notes in this command description. Your pass phrase must meet these criteria:
Note If your pass phrase does not meet these criteria, you will receive an error message and will be asked to retry the command. |
| file | The file path and the file name to which you want to save the security key. For example: Important The file name must have an extension of Enclose the file path and name in double quotation marks (" "). |
| commitSecurityKey - only applicable for internal key management | This parameter commits the security key to the storage array for all FDE drives as well as the controllers. After the security key is committed, a key is required to access data on Security Enabled drives in the storage array. The data can only be read or changed by using a key, and the drive can never be used in a non-secure mode without rendering the data useless or totally erasing the drive. The default value is FALSE. If this parameter is set to FALSE, send a separate set storageArray securityKey command to commit the security key to the storage array. |