Exciting new changes are coming to the Knowledge Base site soon!
Starting April 4, 2023, you will notice Support-Specific categorization and improvements to the search filters on the site. In May, we will be launching a new and enhanced Site UI and Navigation. To know more, read our Knowledge Article.

Home
Advice and Troubleshooting
Data Storage Software
ONTAP OS
How can I require a prompt for the OKM passphrase at controller reboot?

How can I require a prompt for the OKM passphrase at controller reboot?

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

Views:: 126

Visibility:: Public

Votes:: 0

Category:: ontap-9

Specialty:: core

Last Updated:

Applies to

ONTAP 9
NetApp Volume Encryption (NVE)
NetApp Aggregate Encryption (NAE)

Answer

You can opt to require the OKM passphrase by using the -enable-cc-mode true option with the security key-manager setup command.
This can be turned on prior to moving a controller and disk shelves and turned off after the move is complete.
Starting with ONTAP 9.6, the command is security key-manager onboard enable -cc-mode-enabled yes.

Additional Information

FAQ: NetApp Volume Encryption and NetApp Aggregate Encryption