permalink | sidebar | keywords | summary |
---|---|---|---|
encryption-at-rest/transition-external-key-from-onboard-key-task.html |
sidebar |
transitioning, external key management, onboard key management |
If you want to switch to external key management from onboard key management, you must delete the onboard key management configuration before you can enable external key management. |
If you want to switch to external key management from onboard key management, you must delete the onboard key management configuration before you can enable external key management.
Before you begin
-
For hardware-based encryption, you must reset the data keys of all FIPS drives or SEDs to the default value.
-
For software-based encryption, you must unencrypt all volumes.
-
You must be a cluster administrator to perform this task.
Step
-
Delete the onboard key management configuration for a cluster:
For this ONTAP version…
Use this command…
ONTAP 9.6 and later
security key-manager onboard disable -vserver SVM
ONTAP 9.5 and earlier
security key-manager delete-key-database
For complete command syntax, see the ONTAP command reference.