permalink	sidebar	keywords	summary
encryption-at-rest/transition-external-key-from-onboard-key-task.html	sidebar	transitioning, external key management, onboard key management	If you want to switch to external key management from onboard key management, you must delete the onboard key management configuration before you can enable external key management.

Transition to external key management from onboard key management

If you want to switch to external key management from onboard key management, you must delete the onboard key management configuration before you can enable external key management.

Before you begin

For hardware-based encryption, you must reset the data keys of all FIPS drives or SEDs to the default value.

Returning a FIPS drive or SED to unprotected mode
For software-based encryption, you must unencrypt all volumes.

Unencrypting volume data
You must be a cluster administrator to perform this task.

Step

Delete the onboard key management configuration for a cluster:

For this ONTAP version…	Use this command…
ONTAP 9.6 and later	`security key-manager onboard disable -vserver SVM`
ONTAP 9.5 and earlier	`security key-manager delete-key-database`

For complete command syntax, see the ONTAP command reference.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

transition-external-key-from-onboard-key-task.adoc

transition-external-key-from-onboard-key-task.adoc

Transition to external key management from onboard key management

Files

transition-external-key-from-onboard-key-task.adoc

Latest commit

History

transition-external-key-from-onboard-key-task.adoc

File metadata and controls

Transition to external key management from onboard key management