After performing an upgrade to ONTAP 9.5 or later, you must reconfigure your external key management (KMIP) server connections.
- Configure the key manager connectivity:security key-manager setup
- Add your KMIP servers: security key-manager add -address key_management_server_ip_address
- Verify that KMIP servers are connected: security key-manager show -status
- Query the key servers: security key-manager query
- Create a new authentication key and passphrase: security key-manager create-key -prompt-for-key true
The passphrase must have a minimum of 32 characters.
- Query the new authentication key: security key-manager query
- Assign the new authentication key to your self-encrypting disks (SEDs): storage encryption disk modify -disk disk_ID -data-key-id key_ID
Make sure you are using the new authentication key from your query.
- If needed, assign a FIPS key to the SEDs: storage encryption disk modify -disk disk_id -fips-key-id fips_authentication_key_id
If your security setup requires you to use different keys for data authentication and FIPS 140-2 authentication, you should create a separate key for each. If that is not the case, you can use the same authentication key for FIPS compliance that you use for data access.