How can I require a prompt for the OKM passphrase at controller reboot?
Applies to
- ONTAP 9
- NetApp Volume Encryption (NVE)
- NetApp Aggregate Encryption (NAE)
Answer
- You can opt to require the OKM passphrase by using the
-enable-cc-mode true
option with thesecurity key-manager setup
command. - This can be turned on prior to moving a controller and disk shelves and turned off after the move is complete.
- Starting with ONTAP 9.6, the command is
security key-manager onboard enable -cc-mode-enabled yes
.
Additional Information
FAQ: NetApp Volume Encryption and NetApp Aggregate Encryption