Aggregate encryption keys from decommissioned nodes remain in OKM
Applies to
- ONTAP 9
- Onboard Key Manager (OKM)
Issue
onboard sync
cluster1::*> key query
(security key-manager key query)
Node: cluster1-01
Vserver: cluster1
Key Manager: onboard
Key Manager Type: OKM
Key Manager Policy: -
Key Tag Key Type Encryption Restored
------------------------------------ -------- ------------ --------
cluster1-01 NSE-AK AES-256 true
Key ID: 000000000000000002000000000001002493afaa9f620f1612e31846018d2d3a0000000000000000
cluster1-01 NSE-AK AES-256 true
Key ID: 00000000000000000200000000000100b4a34ecc16364f9dccee7d1c16a579ed0000000000000000
93df9acc-3d21-4f06-ba64-b99a0a66d504 VEK XTS-AES-256 false
Key ID: 0000000000000000020000000000050007c551aebfa5b5ab40230ad43e880b510000000000000000
93df9acc-3d21-4f06-ba64-b99a0a66d504 VEK XTS-AES-256 false
Key ID: 000000000000000002000000000005001a80e9b1c7ce69f54eaa836d1455d6650000000000000000
<<<<<<<KEYS OMITTED FOR BREVITY>>>>>>>
Key ID: 00000000000000000200000000000500d682e8efb2150d0d5a76cb9d2c6b2dc00000000000000000
93df9acc-3d21-4f06-ba64-b99a0a66d504 VEK XTS-AES-256 false
Key ID: 00000000000000000200000000000500e00acebdcc4f5c43525e97e742426f1d0000000000000000
cluster1 SVM-KEK AES-256 true
Key ID: 00000000000000000200000000000a009340adb7ef9d8923a67d7931302c15600000000000000000
23 entries were displayed.