ONTAP 9.12.1 commands

  • ONTAP 9.12.1 commands(CA08871-263en.pdf)
  • security key-manager onboard enable

    Enable the Onboard Key Manager

    Availability: This command is available to cluster administrators at the admin privilege level.

    Description

    This command enables the Onboard Key Manager for the admin Vserver.

    Parameters

    [-cc-mode-enabled {yes|no}] - Enable Common Criteria Mode?

    Use this parameter to specify whether Common Criteria (CC) mode should be enabled. When CC mode is enabled, you are required to provide a cluster passphrase that is between 64 and 256 ASCII characters long, and you are required to enter that passphrase each time a node reboots. CC mode cannot be enabled in a MetroCluster configuration.

    [-are-unencrypted-metadata-volumes-allowed-in-cc-mode {yes|no}] - Are Unencrypted Metadata Volumes Allowed in Common Criteria Mode

    If Common Criteria (CC) mode is enabled, this parameter allows unencrypted metadata volumes to exist. These metadata volumes are created internally during normal operation. Examples are volumes created during SnapMirror and Vserver migrate operations. The default value is no.

    Examples

    The following example enables the Onboard Key Manager for the admin Vserver cluster-1:

    cluster-1::> security key-manager onboard enable
    
    Enter the cluster-wide passphrase for the Onboard Key Manager:
    
    Re-enter the cluster-wide passphrase:
    
    After configuring the Onboard Key Manager, save the encrypted configuration data in a safe location so that you can use it if you need to perform a manual recovery operation. To view the data, use the "security key-manager onboard show-backup" command.
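
    The CC-mode passphrase rule described under -cc-mode-enabled (64 to 256 ASCII characters, re-entered at every node reboot) can be checked on an administration workstation before the command is run. The following Python sketch is an added example, not part of ONTAP or its documentation; the function names are hypothetical, the bounds are treated as inclusive, and rejecting control characters is an assumption made here because the passphrase has to be typed at a console.

```python
import secrets
import string

# Bounds taken from the -cc-mode-enabled description; treated as inclusive (assumption).
CC_MIN_LEN = 64
CC_MAX_LEN = 256


def check_cc_passphrase(passphrase: str) -> list[str]:
    """Return a list of problems; an empty list means the passphrase fits the rule."""
    problems = []
    if len(passphrase) < CC_MIN_LEN:
        problems.append(f"too short: {len(passphrase)} < {CC_MIN_LEN}")
    elif len(passphrase) > CC_MAX_LEN:
        problems.append(f"too long: {len(passphrase)} > {CC_MAX_LEN}")
    # Non-ASCII characters often arrive via pasted text (smart quotes, NBSP).
    non_ascii = sorted({c for c in passphrase if ord(c) > 127})
    if non_ascii:
        codes = ", ".join(f"U+{ord(c):04X}" for c in non_ascii)
        problems.append(f"non-ASCII characters: {codes}")
    # Assumption: control characters are rejected because the passphrase
    # must be typed by hand at the console after each reboot.
    if any(ord(c) < 32 or ord(c) == 127 for c in passphrase):
        problems.append("contains control characters")
    return problems


def generate_cc_passphrase(length: int = CC_MIN_LEN) -> str:
    """Generate a random passphrase from letters and digits only, so it can
    be typed on any keyboard layout during a reboot."""
    if not CC_MIN_LEN <= length <= CC_MAX_LEN:
        raise ValueError(f"length must be {CC_MIN_LEN}..{CC_MAX_LEN}")
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    # Constructed sample inputs; the passphrase itself is never printed.
    samples = {
        "63 characters": "a" * 63,
        "pasted smart quote": "a" * 63 + "\u2019",
        "generated": generate_cc_passphrase(),
    }
    for label, value in samples.items():
        print(label, "->", check_cc_passphrase(value) or "ok")
```

    Store the generated passphrase in the same protected location as the backup data shown by "security key-manager onboard show-backup", since both are needed for recovery.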