ONTAP 9.12.1 commands

50←PDF
  • ONTAP 9.12.1 commands(CA08871-263en.pdf)
  • security key-manager external gcp rekey-external

    Rekey an external key of the Vserver

    Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

    Description

    This command replaces the existing GCP key encryption key (KEK) and results in the key hierarchy being protected by the user specified GCP KEK. The GCP key ring in use by the GCP Portal should be updated to use the new KEK prior to running this command. Upon successful completion of this command, the internal keys for the given Vserver will be protected by the new GCP KEK.

    Parameters

    -vserver <Vserver Name> - Vserver

    This parameter specifies the Vserver for which ONTAP should rekey the GCP KEK.

    -key-name <text> - Google Cloud KMS Key Encryption Key Name

    This parameter specifies the key name of the new GCP KEK that should be used by ONTAP for the provided Vserver.

    [-project-id <text>] - Google Cloud KMS Project (Application) ID

    This parameter specifies the new project ID of the new GCP KEK that should be used by ONTAP for the provided Vserver.

    [-key-ring-name <text>] - Google Cloud KMS Key Ring Name

    This parameter specifies the new key ring name of the new GCP KEK that should be used by ONTAP for the provided Vserver.

    [-key-ring-location <text>] - Google Cloud KMS Key Ring Location

    This parameter specifies the new key ring location of the new GCP KEK that should be used by ONTAP for the provided Vserver.

    Examples

    The following command rekeys GCP KEK for data Vserver v1 using a new key-name key1.

    cluster-1::> security key-manager external gcp rekey-external -vserver v1 -key-name key1
    Top of Page