This command displays the key IDs of the authentication keys (NSE-AK) and SVM keys (SVM-KEK) that are available in Onboard Key Manager. This command is not supported for an external key management configuration.

Parameters

{ [-fields <fieldname>,…]: If you specify the -fields <fieldname>, … parameter, the command output also includes the specified field or fields. You can use '-fields ?' to display the fields to specify.
| [-detail ]: If this parameter is specified, the command displays additional details about the key IDs.
| [-instance ] }: If you specify the -instance parameter, the command displays detailed information about all fields.
[-node {<nodename>|local}] - Node: If this parameter is specified, the command displays information only about key IDs that are located on the specified storage system.
[-key-store <Key Store>] - Key Store: If this parameter is specified, the command displays information only about key IDs that are managed by the specified key management. For example, use onboard for the Onboard Key Manager.
[-key-id <text>] - Key Identifier: If this parameter is specified, the command displays information only about the specified key IDs.
[-key-tag <text>] - Key Tag: If this parameter is specified, the command displays information only about key IDs that have the specified key tags.
[-key-location <text>] - Key Location: If this parameter is specified, the command displays information only about key IDs that are located on the specified key location. For example, use local-cluster for the Onboard Key Manager.
[-used-by <Key Usage Type>] - Used By: If this parameter is specified, the command displays information only about key IDs that are associated with the specified application usage of the keys. For example, "NSE-AK" would display key IDs only for NSE drives.
[-restored {yes|no}] - Restored: If this parameter is specified, the command displays information only about key IDs that have the specified value of restored keys. If restored is yes , then the corresponding key is available (normal). If restored is no , use the security key-manager setup command to restore the key. See the man page for security key-manager setup for details.

Examples

The following example shows all keys stored in the Onboard Key Manager:

cluster-1::> security key-manager key show

Node: node1
Key Store: onboard
Used By
--------
NSE-AK
    Key ID: 000000000000000002000000000001001bc4c708e2a89a312e14b6ce6d4d49d40000000000000000
NSE-AK
    Key ID: 000000000000000002000000000001005e89099721f8817e65e3aeb68be1bfca0000000000000000
SVM-KEK
    Key ID: 00000000000000000200000000000a0046df92864d4cece662b93beb7f5366100000000000000000

Node: node2
Key Store: onboard
Used By
--------
NSE-AK
    Key ID: 000000000000000002000000000001001bc4c708e2a89a312e14b6ce6d4d49d40000000000000000
NSE-AK
    Key ID: 000000000000000002000000000001005e89099721f8817e65e3aeb68be1bfca0000000000000000
SVM-KEK
    Key ID: 00000000000000000200000000000a0046df92864d4cece662b93beb7f5366100000000000000000
6 entries were displayed.

The following example shows a detailed view of all keys stored in the Onboard Key Manager:

cluster-1::> security key-manager key show -detail

Node: node1
Key Store: onboard
Key ID Key Tag         Used By    Stored In                            Restored
------ --------------- ---------- ------------------------------------ --------
000000000000000002000000000001001bc4c708e2a89a312e14b6ce6d4d49d40000000000000000
       -               NSE-AK     local-cluster                        yes
000000000000000002000000000001005e89099721f8817e65e3aeb68be1bfca0000000000000000
       -               NSE-AK     local-cluster                        yes
00000000000000000200000000000a0046df92864d4cece662b93beb7f5366100000000000000000
       -               SVM-KEK    local-cluster                        yes

Node: node2
Key Store: onboard
Key ID Key Tag         Used By    Stored In                            Restored
------ --------------- ---------- ------------------------------------ --------
000000000000000002000000000001001bc4c708e2a89a312e14b6ce6d4d49d40000000000000000
       -               NSE-AK     local-cluster                        yes
000000000000000002000000000001005e89099721f8817e65e3aeb68be1bfca0000000000000000
       -               NSE-AK     local-cluster                        yes
00000000000000000200000000000a0046df92864d4cece662b93beb7f5366100000000000000000
       -               SVM-KEK    local-cluster                        yes
6 entries were displayed.

ONTAP 9.12.1 commands

security key-manager key show

Description

Parameters

Examples

Related Links