How to rotate data authentication keys on a FIPS drive or SED
Applies to
- External Key Manager
- Onboard Key Manager (OKM)
- NetApp Storage Encryption (NSE)
- ONTAP 9 and later
Description
- At times, it may be desirable to rotate data authentication keys on a FIPS drive or SED.
- The process of rotating keys in an NSE environment depends on whether you are using an External Key Manager (using KMIP) or the OKM.
- External Key Managers require generating a new authentication key (AK) before assigning new authentication keys to the drives.
- OKM does not support generating new authentication keys without deleting and recreating the OKM configuration on the cluster.