ONTAP 9.12.1 commands

50←PDF
  • ONTAP 9.12.1 commands(CA08871-263en.pdf)
  • security key-manager key show

    (DEPRECATED)-Display encryption key IDs stored in the Onboard Key Manager

    Availability: This command is available to cluster administrators at the admin privilege level.

    Description

    This command is deprecated and might be removed in a future release. Use security key-manager key query instead.

    This command displays the key IDs of the authentication keys (NSE-AK) and SVM keys (SVM-KEK) that are available in Onboard Key Manager. This command is not supported for an external key management configuration.

    Parameters

    { [-fields <fieldname>,…​]

    If you specify the -fields <fieldname>, …​ parameter, the command output also includes the specified field or fields. You can use '-fields ?' to display the fields to specify.

    | [-detail ]

    If this parameter is specified, the command displays additional details about the key IDs.

    | [-instance ] }

    If you specify the -instance parameter, the command displays detailed information about all fields.

    [-node {<nodename>|local}] - Node

    If this parameter is specified, the command displays information only about key IDs that are located on the specified storage system.

    [-key-store <Key Store>] - Key Store

    If this parameter is specified, the command displays information only about key IDs that are managed by the specified key management. For example, use onboard for the Onboard Key Manager.

    [-key-id <text>] - Key Identifier

    If this parameter is specified, the command displays information only about the specified key IDs.

    [-key-tag <text>] - Key Tag

    If this parameter is specified, the command displays information only about key IDs that have the specified key tags.

    [-key-location <text>] - Key Location

    If this parameter is specified, the command displays information only about key IDs that are located on the specified key location. For example, use local-cluster for the Onboard Key Manager.

    [-used-by <Key Usage Type>] - Used By

    If this parameter is specified, the command displays information only about key IDs that are associated with the specified application usage of the keys. For example, "NSE-AK" would display key IDs only for NSE drives.

    [-restored {yes|no}] - Restored

    If this parameter is specified, the command displays information only about key IDs that have the specified value of restored keys. If restored is yes , then the corresponding key is available (normal). If restored is no , use the security key-manager setup command to restore the key. See the man page for security key-manager setup for details.

    Examples

    The following example shows all keys stored in the Onboard Key Manager:

    cluster-1::> security key-manager key show
    
    Node: node1
    Key Store: onboard
    Used By
    --------
    NSE-AK
        Key ID: 000000000000000002000000000001001bc4c708e2a89a312e14b6ce6d4d49d40000000000000000
    NSE-AK
        Key ID: 000000000000000002000000000001005e89099721f8817e65e3aeb68be1bfca0000000000000000
    SVM-KEK
        Key ID: 00000000000000000200000000000a0046df92864d4cece662b93beb7f5366100000000000000000
    
    Node: node2
    Key Store: onboard
    Used By
    --------
    NSE-AK
        Key ID: 000000000000000002000000000001001bc4c708e2a89a312e14b6ce6d4d49d40000000000000000
    NSE-AK
        Key ID: 000000000000000002000000000001005e89099721f8817e65e3aeb68be1bfca0000000000000000
    SVM-KEK
        Key ID: 00000000000000000200000000000a0046df92864d4cece662b93beb7f5366100000000000000000
    6 entries were displayed.

    The following example shows a detailed view of all keys stored in the Onboard Key Manager:

    cluster-1::> security key-manager key show -detail
    
    Node: node1
    Key Store: onboard
    Key ID Key Tag         Used By    Stored In                            Restored
    ------ --------------- ---------- ------------------------------------ --------
    000000000000000002000000000001001bc4c708e2a89a312e14b6ce6d4d49d40000000000000000
           -               NSE-AK     local-cluster                        yes
    000000000000000002000000000001005e89099721f8817e65e3aeb68be1bfca0000000000000000
           -               NSE-AK     local-cluster                        yes
    00000000000000000200000000000a0046df92864d4cece662b93beb7f5366100000000000000000
           -               SVM-KEK    local-cluster                        yes
    
    Node: node2
    Key Store: onboard
    Key ID Key Tag         Used By    Stored In                            Restored
    ------ --------------- ---------- ------------------------------------ --------
    000000000000000002000000000001001bc4c708e2a89a312e14b6ce6d4d49d40000000000000000
           -               NSE-AK     local-cluster                        yes
    000000000000000002000000000001005e89099721f8817e65e3aeb68be1bfca0000000000000000
           -               NSE-AK     local-cluster                        yes
    00000000000000000200000000000a0046df92864d4cece662b93beb7f5366100000000000000000
           -               SVM-KEK    local-cluster                        yes
    6 entries were displayed.
    Top of Page