ONTAP 9 Manuals ( CA08871-402 )

Regenerate keys and modify their retention period

Access keys and secret keys are automatically generated during user creation for enabling S3 client access. You can regenerate keys for a user if a key is expired or compromised.

For information about generation of access keys, see Create an S3 user.

CLI
  1. Regenerate access and secret keys for a user by running the vserver object-store-server user regenerate-keys command.

  2. By default, generated keys are valid indefinitely. Beginning with 9.14.1, you can modify their retention period, after which the keys automatically expire. You can add the retention period in this format: P[<integer>D]T[<integer>H][<integer>M][<integer>S] | P<integer>W
    For example, if you want to enter a retention period of one day, two hours, three minutes, and four seconds, enter the value as P1DT2H3M4S.

    vserver object-store-server user regenerate-keys -vserver svm_name -user user -key-time-to-live 0
  3. Save the access and secret keys. They will be required for access from S3 clients.
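
The following Python code is an added example, not part of the ONTAP documentation: it validates a retention-period string against the format printed in step 2 before the value is passed to -key-time-to-live, and converts it to seconds so it can be compared with a key-rotation policy. The function names and the 90-day limit are hypothetical. The grammar is followed as printed (the T separator is treated as mandatory in the day/time form), and the bare 0 used in the command above is outside that grammar and is not interpreted here.

```python
import re

# Grammar as printed on the page:
#   P[<integer>D]T[<integer>H][<integer>M][<integer>S] | P<integer>W
_DAY_TIME = re.compile(r"P(?:([0-9]+)D)?T(?:([0-9]+)H)?(?:([0-9]+)M)?(?:([0-9]+)S)?")
_WEEKS = re.compile(r"P([0-9]+)W")


def retention_seconds(value: str) -> int:
    """Return the number of seconds a retention-period string represents.

    Raises ValueError for anything outside the page's grammar.
    """
    m = _WEEKS.fullmatch(value)
    if m:
        return int(m.group(1)) * 7 * 86400
    m = _DAY_TIME.fullmatch(value)
    # Assumption: a value with no components at all ("PT") is rejected.
    if not m or not any(m.groups()):
        raise ValueError(f"not a valid retention period: {value!r}")
    days, hours, minutes, seconds = (int(g) if g else 0 for g in m.groups())
    return days * 86400 + hours * 3600 + minutes * 60 + seconds


def check_policy(value: str, max_days: int) -> bool:
    """True if the period is non-zero and at most max_days (hypothetical policy)."""
    secs = retention_seconds(value)
    return 0 < secs <= max_days * 86400


if __name__ == "__main__":
    # Constructed sample values; P1DT2H3M4S is the example from the page.
    for sample in ["P1DT2H3M4S", "P2W", "PT12H", "1d2h", "P1W2D"]:
        try:
            secs = retention_seconds(sample)
            print(sample, secs, check_policy(sample, max_days=90))
        except ValueError as exc:
            print(sample, "rejected:", exc)
```
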

ONTAP System Manager
  1. Click Storage > Storage VMs and then select the storage VM.

  2. In the Settings tab, click the edit icon in the S3 tile.

  3. In the Users tab, verify that there is no access key, or the key has expired for the user.

  4. If you need to regenerate the key, click the more icon next to the user, then click Regenerate Key.

  5. By default, generated keys are valid for an indefinite amount of time. Beginning with 9.14.1, you can modify their retention period, after which the keys automatically expire. Enter the retention period in days, hours, minutes, or seconds.

  6. Click Save. The key is regenerated. Any change in the key retention period takes effect immediately.

  7. Download or save the access key and secret key. They will be required for access from S3 clients.
