ONTAP 9.15.1 commands

security key-manager config show

Display key management configuration options

Availability: This command is available to cluster administrators at the advanced privilege level.

Description

This command displays the key management configuration options.

The "cc-mode-enabled" option reflects the current configuraton state for Common-Criteria (CC) mode for the Onboard Key Manager. CC mode is an operational mode that enforces some of the policies required by the Common Criteria "Collaborative Protection Profile for Full Drive Encryption-Authorization Acquisition" (FDE-AA cPP) and "Collaborative Protection Profile for Full Drive Encryption-Encryption Engine" documents. The feature can be enabled when the Onboard Key Manager is configured using the security key-manager setup command or after the Onboard Key Manager is configured using the security key-manager config modify command.

Examples

The following example displays the state of all key-manager configuration options:

cluster-1::*> security key-manager config show
CC-Mode  health-monitor-polling-interval  cloud-kms-retry-count
Enabled  (in minutes)
-------  ------------                     ---------------------
true     30                               0
Top of Page