NetApp Knowledge Base

When using Onboard Key Management (OKM): VEKs are not listed for some nodes when performing a key query

Category: ontap-9
Specialty: core

Applies to

  • ONTAP 9.6
  • Onboard Key Manager (OKM)

Issue

Volume encryption keys (VEKs) are not listed under some nodes in the output of "security key-manager key query":

Cluster::*> key-manager key query
  (security key-manager key query)

     Vserver: Cluster
 Key Manager: onboard
        Node: Cluster-01
  Key Server: ""

Key Tag                               Key Type  Restored
------------------------------------  --------  --------
Cluster-01                            NSE-AK    true
    Key ID: 000000000000000002000000000001003260fcee69xxxx88155e8f9511a75680000000000000000
Cluster-01                            NSE-AK    true
    Key ID: 00000000000000000200000000000100354a30c9xxxx1b4ea18d772a94dc398d0000000000000000
Cluster-01                            SVM-KEK   true
    Key ID: 00000000000000000200000000000a002c38fab416e3d9xxx8c0876576160ff0000000000000000
Cluster-01                            SVM-KEK   true
    Key ID: 00000000000000000200000000000a008a2aafe553axxxxc2f1d1429014c35c70000000000000000

     Vserver: Cluster
 Key Manager: onboard
        Node: Cluster-02
  Key Server: ""

Key Tag                               Key Type  Restored
------------------------------------  --------  --------
Cluster-02                             NSE-AK    true
    Key ID: 000000000000000002000000000001003260fcee69xxxxd88155e8f9511a75680000000000000000
Cluster-02                             NSE-AK    true
    Key ID: 00000000000000000200000000000100354a30c9xxxx1b4ea18d772a94dc398d0000000000000000
SVM1                                   VEK       true
    Key ID: 00000000000000000200000000000500950bdf38a251b7xxxxac5acae751d5aa0000000000000000
SVM1                                   VEK       true
    Key ID: 00000000000000000200000000000500a3896a2b6ab5xxxx6387c9b52c31005c0000000000000000
Cluster-02                             SVM-KEK   true
    Key ID: 00000000000000000200000000000a002c38fab416e3d9xxxx8c0876576160ff0000000000000000
Cluster-02                             SVM-KEK   true
    Key ID: 00000000000000000200000000000a008a2aafe553axxxxc2f1d1429014c35c70000000000000000
10 entries were displayed.

If any listed keys have "false" in the "Restored" column, run the "security key-manager external restore" command to restore the keys that are stored on an external key server and run the "security key-manager onboard sync" command to synchronize the keys that are part of the onboard key hierarchy.
 

Observe that the following keys are not listed under node Cluster-01:

SVM1                                   VEK       true
    Key ID: 00000000000000000200000000000500950bdf38a251b7xxxxac5acae751d5aa0000000000000000
SVM1                                   VEK       true
    Key ID: 00000000000000000200000000000500a3896a2b6ab5xxxx6387c9b52c31005c0000000000000000
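
The per-node comparison done by eye above can be scripted against saved output. The following is an added example, not NetApp code or part of the original article: it parses text in the "security key-manager key query" layout shown above, lists keys that appear under one node but not another, and flags entries whose "Restored" column is false. The node names, key tags and key IDs in the sample are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of "security key-manager key query";
# node names, tags and key IDs are placeholders, not real values.
SAMPLE = """\
        Node: node-a
Key Tag                               Key Type  Restored
------------------------------------  --------  --------
node-a                                NSE-AK    true
    Key ID: 0000aaaa
node-a                                SVM-KEK   true
    Key ID: 0000bbbb

        Node: node-b
Key Tag                               Key Type  Restored
------------------------------------  --------  --------
node-b                                NSE-AK    true
    Key ID: 0000aaaa
svm1                                  VEK       true
    Key ID: 0000cccc
node-b                                SVM-KEK   false
    Key ID: 0000bbbb
2 entries were displayed.
"""

# A key row is "<tag> <type> <true|false>"; assumes tags contain no spaces.
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(true|false)$")

def parse_key_query(text):
    """Return {node: {key_id: (tag, key_type, restored)}}."""
    nodes, node, pending = {}, None, None
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("Node:"):
            node, pending = s.split(":", 1)[1].strip(), None
            nodes.setdefault(node, {})
        elif node and (m := ROW.match(s)):
            pending = (m.group(1), m.group(2), m.group(3) == "true")
        elif s.startswith("Key ID:") and pending:
            nodes[node][s.split(":", 1)[1].strip()] = pending
            pending = None
    return nodes

def missing_per_node(nodes):
    """Per node, (tag, type, key_id) for keys listed only under other nodes."""
    seen = {kid: v for keys in nodes.values() for kid, v in keys.items()}
    return {n: sorted((t, ty, kid) for kid, (t, ty, _) in seen.items()
                      if kid not in keys) for n, keys in nodes.items()}

def not_restored(nodes):
    """(node, tag, type, key_id) for every entry with Restored == false."""
    return sorted((n, t, ty, kid) for n, keys in nodes.items()
                  for kid, (t, ty, ok) in keys.items() if not ok)
```

Keys are matched across nodes by key ID rather than by tag, because the NSE-AK and SVM-KEK tags in the output above carry the node name and so differ between nodes for the same key.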
