ONTAP 9.12.1 commands

  • ONTAP 9.12.1 commands(CA08871-263en.pdf)
  • security key-manager config modify

    Modify key management configuration options

    Availability: This command is available to cluster administrators at the advanced privilege level.

    Description

    This command modifies the key management configuration options.

    Parameters

    [-cc-mode-enabled {true|false}] - Enable Common Criteria Mode

    This parameter modifies the configuration state of the Onboard Key Manager (OKM) Common Criteria (CC) mode. CC mode enforces some of the policies required by the Common Criteria "Collaborative Protection Profile for Full Drive Encryption-Authorization Acquisition" (FDE-AA cPP) and "Collaborative Protection Profile for Full Drive Encryption-Encryption Engine" documents.

    [-health-monitor-polling-interval <integer>] - Health Monitor Polling Period (in minutes)

    This parameter modifies the polling interval of the keyserver health monitor at the cluster level.

    [-cloud-kms-retry-count <integer>] - Cloud KMS connection retry count

    This parameter modifies the cloud keymanager connection retry count at the cluster level.

    [-are-unencrypted-metadata-volumes-allowed-in-cc-mode {true|false}] - Are Unencrypted Metadata Volumes Allowed in Common Criteria Mode

    If Common Criteria (CC) mode is enabled, this parameter allows unencrypted metadata volumes to exist. These metadata volumes are created internally during normal operation. Examples are volumes created during SnapMirror and Vserver migrate operations. The default value is false.

    Examples

    The following command enables Common Criteria mode in the cluster:

    cluster-1::*> security key-manager config modify -cc-mode-enabled true

    The following command modifies the keyserver health monitor polling interval to be 30 minutes:

    cluster-1::*> security key-manager config modify -health-monitor-polling-interval 30

    The following command modifies the cloud keymanager connection retry count to 3:

    cluster-1::*> security key-manager config modify -cloud-kms-retry-count 3