NetApp Knowledge Base

How to rotate encryption keys for NetApp Storage Encryption (NSE)

Applies to

  • External Key Manager 
  • Onboard Key Manager (OKM)
  • NetApp Storage Encryption (NSE)
  • ONTAP 9 and later

Description

  • At times, it may be desirable to rotate encryption keys when using NSE.
  • This article describes the procedure for rotating NSE encryption keys in ONTAP 9.0 and later.
  • The process of rotating keys in an NSE environment depends on whether you are using an External Key Manager (using KMIP) or the OKM.
  • External Key Managers require generating a new authentication key (AK) before the encryption key can be changed.
  • OKM does not support creating a new AK. AKs are required to generate new encryption keys.