ONTAP 9.13.1 commands

security key-manager onboard update-passphrase

Update the Onboard Key Manager Passphrase

Availability: This command is available to cluster administrators at the advanced privilege level.

Description

This command provides a way to update the cluster-wide passphrase that is used for the Onboard Key Manager and initially created by running the security key-manager onboard enable command. This command prompts for the existing passphrase, and if that passphrase is correct then the command prompts for a new passphrase. When the Onboard Key Manager is enabled for the admin Vserver, run the security key-manager onboard show-backup command after updating the passphrase and save the output for emergency recovery scenarios. When the security key-manager onboard update-passphrase command is executed in a MetroCluster configuration, then run the security key-manager onboard sync command with the new passphrase on the partner site before proceeding with any key-manager operations. This allows the updated passphrase to be replicated to the partner site.

Examples

The following example updates the cluster-wide passphrase used for the Onboard Key Manager:

cluster-1::*> security key-manager onboard update-passphrase

Warning: This command will reconfigure the cluster passphrase for onboard
         key management.
Do you want to continue? {y|n}: y

Enter current passphrase:

Enter new passphrase:

Reenter the new passphrase:
Update passphrase has completed. Save the new encrypted configuration data in
a safe location so that you can use it if you need to perform a manual recovery
operation. To view the data, use the "security key-manager onboard show-backup"
command.
Top of Page