How to verify onboard key management backup and cluster-wide passphrase
Applies to
- ONTAP 9.7 and later
- Onboard Key Manager (OKM)
Description
This article provides steps to validate the cluster-wide passphrase and the backup information, so that both are confirmed correct in case they are needed for recovery.
- ONTAP can be configured to use onboard key management to encrypt data at rest
- The configuration is secured with a cluster-wide passphrase that is entered when the onboard key manager is configured and can be changed as needed
- The cluster-wide passphrase is a minimum of 32 characters (64 characters if using cc-mode) with a maximum of 256 characters
- Retaining both the passphrase and the backup information is absolutely critical to ensuring that access to encrypted data will always be available
- The loss of either of those items risks loss of access to that encrypted data under various scenarios