Can an existing encrypted volume have the encryption key changed or rekeyed?
Applies to
- ONTAP 9
- NetApp Volume Encryption (NVE)
- NetApp Aggregate Encryption (NAE)
- External Key Manager (EKM)
- Onboard Key Manager (OKM)
Answer
- Yes for NVE
- NAE does not support rekeying
Note: Rekeying is non-disruptive in nature and does not pose any risk of data loss.
Additional Information
- Change the encryption key for a volume with the volume encryption rekey start command
- FAQ: NetApp Volume Encryption and NetApp Aggregate Encryption
- Rekey is supported for both external and onboard key manager