ONTAP 9.14.1 commands

security key-manager key show

(DEPRECATED)-Display encryption key IDs stored in the Onboard Key Manager

Availability: This command is available to cluster administrators at the admin privilege level.

Description

This command is deprecated and might be removed in a future release. Use security key-manager key query instead.

This command displays the key IDs of the authentication keys (NSE-AK) and SVM keys (SVM-KEK) that are available in Onboard Key Manager. This command is not supported for an external key management configuration.

Parameters

{ [-fields <fieldname>,…​]

If you specify the -fields <fieldname>, …​ parameter, the command output also includes the specified field or fields. You can use '-fields ?' to display the fields to specify.

| [-detail ]

If this parameter is specified, the command displays additional details about the key IDs.

| [-instance ] }

If you specify the -instance parameter, the command displays detailed information about all fields.

[-node {<nodename>|local}] - Node

If this parameter is specified, the command displays information only about key IDs that are located on the specified storage system.

[-key-store <Key Store>] - Key Store

If this parameter is specified, the command displays information only about key IDs that are managed by the specified key management. For example, use onboard for the Onboard Key Manager.

[-key-id <text>] - Key Identifier

If this parameter is specified, the command displays information only about the specified key IDs.

[-key-tag <text>] - Key Tag

If this parameter is specified, the command displays information only about key IDs that have the specified key tags.

[-key-location <text>] - Key Location

If this parameter is specified, the command displays information only about key IDs that are located on the specified key location. For example, use local-cluster for the Onboard Key Manager.

[-used-by <Key Usage Type>] - Used By

If this parameter is specified, the command displays information only about key IDs that are associated with the specified application usage of the keys. For example, "NSE-AK" would display key IDs only for NSE drives.

[-restored {yes|no}] - Restored

If this parameter is specified, the command displays information only about key IDs that have the specified value of restored keys. If restored is yes , then the corresponding key is available (normal). If restored is no , use the security key-manager setup command to restore the key. See the man page for security key-manager setup for details.

Examples

The following example shows all keys stored in the Onboard Key Manager:

cluster-1::> security key-manager key show

Node: node1
Key Store: onboard
Used By
--------
NSE-AK
    Key ID: 000000000000000002000000000001001bc4c708e2a89a312e14b6ce6d4d49d40000000000000000
NSE-AK
    Key ID: 000000000000000002000000000001005e89099721f8817e65e3aeb68be1bfca0000000000000000
SVM-KEK
    Key ID: 00000000000000000200000000000a0046df92864d4cece662b93beb7f5366100000000000000000

Node: node2
Key Store: onboard
Used By
--------
NSE-AK
    Key ID: 000000000000000002000000000001001bc4c708e2a89a312e14b6ce6d4d49d40000000000000000
NSE-AK
    Key ID: 000000000000000002000000000001005e89099721f8817e65e3aeb68be1bfca0000000000000000
SVM-KEK
    Key ID: 00000000000000000200000000000a0046df92864d4cece662b93beb7f5366100000000000000000
6 entries were displayed.

The following example shows a detailed view of all keys stored in the Onboard Key Manager:

cluster-1::> security key-manager key show -detail

Node: node1
Key Store: onboard
Key ID Key Tag         Used By    Stored In                            Restored
------ --------------- ---------- ------------------------------------ --------
000000000000000002000000000001001bc4c708e2a89a312e14b6ce6d4d49d40000000000000000
       -               NSE-AK     local-cluster                        yes
000000000000000002000000000001005e89099721f8817e65e3aeb68be1bfca0000000000000000
       -               NSE-AK     local-cluster                        yes
00000000000000000200000000000a0046df92864d4cece662b93beb7f5366100000000000000000
       -               SVM-KEK    local-cluster                        yes

Node: node2
Key Store: onboard
Key ID Key Tag         Used By    Stored In                            Restored
------ --------------- ---------- ------------------------------------ --------
000000000000000002000000000001001bc4c708e2a89a312e14b6ce6d4d49d40000000000000000
       -               NSE-AK     local-cluster                        yes
000000000000000002000000000001005e89099721f8817e65e3aeb68be1bfca0000000000000000
       -               NSE-AK     local-cluster                        yes
00000000000000000200000000000a0046df92864d4cece662b93beb7f5366100000000000000000
       -               SVM-KEK    local-cluster                        yes
6 entries were displayed.
Top of Page