Encryption KBs
Encryption KBs
Featured
NetApp Encryption Overview
NetApp offers both software and hardware based encryption technologies
NetApp offers both software and hardware based encryption technologies
FAQ: NVE and NAE
Frequently asked questions about NetApp Volume and NetApp Aggregate Encryption
Frequently asked questions about NetApp Volume and NetApp Aggregate Encryption
What is NetApp Storage Encryption
Full disk encryption that protects data at rest with no operational impact
Full disk encryption that protects data at rest with no operational impact
Other Resources
- Node fails to boot due to an encrypted root volume - Key not restoredMon, 08 Jun 2026
- Are there any impacts on existing data or network communication when enabling data encryption with NSE?Thu, 28 May 2026
- HA pair boot failure after power restoration due to Onboard Key Manager key unseal failureMon, 25 May 2026
- Node Timeout While Connecting to (KMIP) External Key ManagerThu, 21 May 2026
- ONTAP Call Home Alert: Authentication Key Check Failure with External Key ManagerMon, 11 May 2026
- KMIP Destroy in ONTAP Does Not Purge Encryption Key Metadata in CipherTrust/EKMMon, 06 Apr 2026
- How to update existing KMIP SSL certificates from ONTAP boot menuWed, 01 Apr 2026
- What is the purpose of the arw.medium.encryption.percentage.threshold option in ONTAP 9.17.1?Fri, 27 Mar 2026
- Attempting to disable onboard key manager to delete disk encryption key failsFri, 13 Mar 2026
- How to enable OKM in ONTAP for non-MetroCluster environmentsFri, 06 Feb 2026
- Lun creation fails with "The Onboard Key Manager is already configured"Thu, 05 Feb 2026
- VEK keys got converted into AEK after ONTAP upgrade to 9.14.XFri, 30 Jan 2026
- Unable to configure data SVM key manager with NAE volumes in 9.16.1PxWed, 03 Dec 2025
- Understanding ARP protection on SAN and VMDK Workload VolumesFri, 21 Nov 2025
- Failed to verify the backup blob after adding node to clusterMon, 03 Nov 2025
- Does ONTAP 9 support the ACME protocol for automated certificate management?Wed, 08 Oct 2025
- Does the SAN ARP entropy evaluation period apply to NAS volumes including VM datastores ?Fri, 03 Oct 2025
- TPM driver detaching at Boot in ONTAP 9.16.1 and higherMon, 29 Sep 2025
- Onboard keys not found after boot device replacementThu, 18 Sep 2025
- crypto.import.failed errors after re-initializing an ONTAP ClusterFri, 05 Sep 2025
- When Onboard Key Manager (OKM) Common Criteria Mode is enabled a cluster-wide passphrase is required at system startupTue, 09 Jun 2026
- Node fails to boot due to an encrypted root volume - Key not restoredMon, 08 Jun 2026
- Understanding ARP protection on SAN and VMDK Workload VolumesThu, 04 Jun 2026
- Are there any impacts on existing data or network communication when enabling data encryption with NSE?Thu, 28 May 2026
- Is enabling encryption on an existing volume with user data disruptive?Thu, 28 May 2026
- HA pair boot failure after power restoration due to Onboard Key Manager key unseal failureThu, 28 May 2026
- Failed to verify the backup blob after adding node to clusterTue, 26 May 2026
- Is it possible to rekey NSE disk non-disruptivelyTue, 26 May 2026
- NSE: How to enable drive authentication on a NSE spare drive replacementSun, 24 May 2026
- Node Timeout While Connecting to (KMIP) External Key ManagerThu, 21 May 2026
- Digital Certificate Expiring\Expired in Active IQ Unified ManagerMon, 18 May 2026
- No OKM in use: ANDU validation fails, Error: One or more encryption keys are unavailableThu, 14 May 2026
- ONTAP Call Home Alert: Authentication Key Check Failure with External Key ManagerMon, 11 May 2026
- Cannot unjoin NSE node from cluster, gives "Error: command failed: Cannot unjoin node"Wed, 06 May 2026
- Does NetApp Volume Encryption have to be enabled on both source and destination volumes of a SnapMirror relationship?Thu, 30 Apr 2026
- If I use NetApp SnapMirror to mirror my encrypted volume to a different cluster, is the same encryption key used at the destination?Thu, 30 Apr 2026
- How to recover from a lost passphrase while using onboard encryption and NVE within ONTAPFri, 24 Apr 2026
- Onboard keymanager sync fails after motherboard replacementFri, 17 Apr 2026
- How to update existing KMIP SSL certificates from ONTAP boot menuTue, 14 Apr 2026
- How do i know whether my data is encrypted at rest?Thu, 09 Apr 2026
Highest rated
(rating)- How to determine if the running ONTAP version supports Data At Rest Encryption
- How do I realize aggregate deduplication space savings after moving NVE volumes to NAE volumes?
- NVE: Encrypted volumes go offline after reboot in ONTAP 9.5 and earlier
- How to remove Onboard Key Management (OKM) in Data ONTAP 9.6 and later when volumes are encrypted
- How to rotate data authentication keys on a FIPS drive or SED
- What data is encrypted with NetApp Volume Encryption (NVE) and NetApp Aggregate Encryption (NAE)?
- Giveback during ANDU is vetoed due to External Key Manager
- Can deleted files be non-disruptively purged from NVE volumes?
- ONTAP 9 giveback operation was vetoed by keymanager
- Nodes will not boot, error: Unable to restore data access on encrypting disk
- Encrypted volumes offline because of manual giveback with override vetoes
- The new client certificate public or private keys are different from the existing client certificate
- Can I do a volume move while an active NVE volume encryption start is running?
- Digital Certificate Expiring\Expired in Active IQ Unified Manager
- When Onboard Key Manager (OKM) Common Criteria Mode is enabled a cluster-wide passphrase is required at system startup
Recently updated
(date updated)- When Onboard Key Manager (OKM) Common Criteria Mode is enabled a cluster-wide passphrase is required at system startup
- Node fails to boot due to an encrypted root volume - Key not restored
- Understanding ARP protection on SAN and VMDK Workload Volumes
- Are there any impacts on existing data or network communication when enabling data encryption with NSE?
- Is enabling encryption on an existing volume with user data disruptive?
- HA pair boot failure after power restoration due to Onboard Key Manager key unseal failure
- Failed to verify the backup blob after adding node to cluster
- Is it possible to rekey NSE disk non-disruptively
- NSE: How to enable drive authentication on a NSE spare drive replacement
- Node Timeout While Connecting to (KMIP) External Key Manager
- Digital Certificate Expiring\Expired in Active IQ Unified Manager
- No OKM in use: ANDU validation fails, Error: One or more encryption keys are unavailable
- ONTAP Call Home Alert: Authentication Key Check Failure with External Key Manager
- Cannot unjoin NSE node from cluster, gives "Error: command failed: Cannot unjoin node"
- Does NetApp Volume Encryption have to be enabled on both source and destination volumes of a SnapMirror relationship?
Recently added
(date created)- Node fails to boot due to an encrypted root volume - Key not restored
- Are there any impacts on existing data or network communication when enabling data encryption with NSE?
- HA pair boot failure after power restoration due to Onboard Key Manager key unseal failure
- Node Timeout While Connecting to (KMIP) External Key Manager
- ONTAP Call Home Alert: Authentication Key Check Failure with External Key Manager
- KMIP Destroy in ONTAP Does Not Purge Encryption Key Metadata in CipherTrust/EKM
- How to update existing KMIP SSL certificates from ONTAP boot menu
- What is the purpose of the arw.medium.encryption.percentage.threshold option in ONTAP 9.17.1?
- Attempting to disable onboard key manager to delete disk encryption key fails
- How to enable OKM in ONTAP for non-MetroCluster environments
- Lun creation fails with "The Onboard Key Manager is already configured"
- VEK keys got converted into AEK after ONTAP upgrade to 9.14.X
- Unable to configure data SVM key manager with NAE volumes in 9.16.1Px
- Understanding ARP protection on SAN and VMDK Workload Volumes
- Failed to verify the backup blob after adding node to cluster