- External Key Manager
- Onboard Key Manager (OKM)
- NetApp Storage Encryption (NSE)
- ONTAP 9 and later
- At times, it may be desirable to rotate encryption keys when using NSE.
- This article describes the procedure to rotate encryption keys for NSE for ONTAP 9.0 and later.
- The process of rotating keys in an NSE environment depends on whether you are using an External Key Manager (using KMIP) or the OKM.
- External Key Managers require generating a new authentication key (AK) before the encryption key can be changed.
- OKM does not support creating a new AK. AKs are required to generate new encryption keys.