Fabric OS Encryption Administrator's Guide

53-1002159-03
FIGURE 5 DEK life cycle
Master key management
Communications with opaque key vaults are encrypted using a master key that is created by the
encryption engine on the encryption switch. Currently, this includes the key vaults of all supported
key management systems except NetApp LKM.
Master key generation
A master key must be generated by the group leader encryption engine. The master key can be
generated once by the group leader, then propagated to the other members of an encryption group.
Master key backup
It is essential to back up the master key immediately after it is generated. The master key may be
backed up to any of the following:
- A file as an encrypted key
- The key management system as an encrypted key record