Users Guide
Fabric OS Command Reference 195
53-1002921-02
cryptoCfg
2
To register a NetApp LKM appliance as the primary key vault "LKM1":
SecurityAdmin:switch> cryptocfg --reg -regkeyvault \
LKM1 lkmcert.pem 10.33.54.231 primary decru-lkm-1
Register key vault status: Operation Succeeded.
To set the key vault type to KMIP:
SecurityAdmin:switch> cryptocfg --set -keyvault KMIP
Set key vault status: Operation Succeeded.
To set the key vault parameters:
SecurityAdmin:switch> cryptocfg--set -kvparam ha opaque
KVParams Set Successfully
SecurityAdmin:switch> cryptocfg--set -kvparam cert ca
KVParams Set Successfully
SecurityAdmin:switch> cryptocfg--set -kvparam login enableP
KVParams Set Successfully
To display the key vault parameter setting:
SecurityAdmin:switch> cryptocfg --show -kvparam
KVParams are:
HA Mode = HA Opaque
Username authentication = Username/password
Certificate signature = CA Signed
Key vault client logging level = None
To add a member node to the encryption group:
SecurityAdmin:switch> cryptocfg --add -membernode \
10:00:00:05:1e:39:14:00
Add node status: Operation Succeeded.
To eject a member node from the encryption group:
SecurityAdmin:switch> cryptocfg --eject -membernode \
10:00:00:05:1e:53:b8:45
Eject node status: Operation Succeeded.
To leave the encryption group:
SecurityAdmin:switch> cryptocfg --leave_encryption_group
Leave node status: Operation Succeeded.
To generate the master key (DPM) on the group leader:
SecurityAdmin:switch> cryptocfg --genmasterkey
Master key generated. The master key should be
exported before further operations are performed.
To export the master key to the DPM key vault:
SecurityAdmin:switch> cryptocfg --exportmasterkey
Enter passphrase: **********
Confirm passphrase:**********
Master key exported.
Master Key ID: 11:95:82:cd:80:88:41:31:42:dd:c3:5f:d0:a7:95:55
Exported Key ID: 11:95:82:cd:80:88:41:31:42:dd:c3:5f:d0:a7:95:56
Master key exported.