ONTAP 9.14.1 commands

security key-manager external aws show

Display AWS KMS configuration

Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

Description

This command displays the Amazon Web Service Key Management Service (AWSKMS) configuration for a given Vserver.

Parameters

{ [-fields <fieldname>,…​]

If you specify the -fields <fieldname>, …​ parameter, the command output also includes the specified field or fields. You can use '-fields ?' to display the fields to specify.

| [-instance ] }

If you specify the -instance parameter, the command displays detailed information about all fields.

[-vserver <Vserver Name>] - Vserver

If you specify this parameter, then the command displays only the AWSKMS configuration for the given Vserver.

[-region <text>] - AWS KMS Region

If you specify this parameter, then the command displays only the AWSKMS configuration with the given region.

[-key-id <text>] - AWS Key ID

If you specify this parameter, then the command displays only the AWSKMS configuration with the given key-id.

[-access-key-id <text>] - AWS Access Key ID

If you specify this parameter, then the command displays only the AWSKMS configuration with the given access key ID.

[-service <text>] - AWS Service Type

If you specify this parameter, then the command displays only the AWSKMS configurations with the given AWS service type.

[-default-domain <text>] - AWS KMS Default Domain

If you specify this parameter, then the command displays only the AWSKMS configurations with the given AWS KMS default domain.

[-state {available|not-responding|unknown}] - AWS KMS Cluster State

If you specify this parameter, then the command displays only the AWSKMS configurations with the given state. The state can be either available or unknown.

[-unavailable-nodes <text>] - Names of Unavailable Nodes

If you specify this parameter, then the command displays only the AWSKMS configurations with the given unavailable-nodes.

[-polling-period <integer>] - Polling period (in minutes)

If you specify this parameter, then the command displays only the AWSKMS configurations with the given polling period.

[-port <integer>] - AWS KMS Port

If you specify this parameter, then the command displays only the AWSKMS configurations with the given AWS KMS port.

[-verify {true|false}] - Verify the AWS KMS Host

If you specify this parameter, then the command displays only the AWSKMS configurations with the given value of the verify flag.

[-verify-host {true|false}] - Verify the AWS KMS Host’s Hostname

If you specify this parameter, then the command displays only the AWSKMS configurations with the given value of the verify-host flag.

[-verify-ip {true|false}] - Verify the AWS KMS Host’s IP

If you specify this parameter, then the command displays only the AWSKMS configurations with the given value of the verify-ip flag.

[-host <text>] - AWS KMS Host Name

If you specify this parameter, then the command displays only the AWSKMS configurations with the given AWS KMS host name.

[-encryption-context <text>] - Additional Layer of Authentication and Logging

If you specify this parameter, then the command displays only the AWSKMS configurations with the given value of the AWS encryption-context. The parameter should be in JSON format.

Examples

The following example lists all AWSKMS configurations.

cluster-1::>security key-manager external aws show
            Vserver: SAMPLE_VSERVER
             Region: SAMPLE_NA_REGION

Access Key Id                                State
------------------------------------------   -------
SAMPLE_ACCESS_KEY_ID                         unknown
SAMPLE_ACCESS_KEY_ID_2                       unknown
Unavailable Nodes:                           node1

The following example lists the AWSKMS configurations that have the given encryption context of {"team": "VEsecurity"} .

cluster-1::>security key-manager external aws show -encryption-context {"team": "VEsecurity"}
            Vserver: SAMPLE_VSERVER
             Region: SAMPLE_NA_REGION

Access Key Id                                State
------------------------------------------   -------
SAMPLE_ACCESS_KEY_ID                         unknown
Unavailable Nodes:                           node1
Top of Page