Skip to main content
NetApp Knowledge Base

Aggregate encryption keys from decommissioned nodes remain in OKM

Views:
80
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
CORE
Last Updated:
4/3/2025, 2:19:31 PM

Applies to

  • ONTAP 9
  • Onboard Key Manager (OKM)

Issue

Encryption keys (of type VEK) with the same key-tag (20 keys per key-tag) are not restored and do not restore after performing onboard sync

cluster1::*> key query
  (security key-manager key query)

               Node: cluster1-01
            Vserver: cluster1
        Key Manager: onboard
   Key Manager Type: OKM
 Key Manager Policy: -

Key Tag                               Key Type Encryption   Restored
------------------------------------  -------- ------------ --------
cluster1-01                         NSE-AK   AES-256      true
    Key ID: 000000000000000002000000000001002493afaa9f620f1612e31846018d2d3a0000000000000000
cluster1-01                         NSE-AK   AES-256      true
    Key ID: 00000000000000000200000000000100b4a34ecc16364f9dccee7d1c16a579ed0000000000000000
93df9acc-3d21-4f06-ba64-b99a0a66d504  VEK      XTS-AES-256  false
    Key ID: 0000000000000000020000000000050007c551aebfa5b5ab40230ad43e880b510000000000000000
93df9acc-3d21-4f06-ba64-b99a0a66d504  VEK      XTS-AES-256  false
    Key ID: 000000000000000002000000000005001a80e9b1c7ce69f54eaa836d1455d6650000000000000000
                    <<<<<<<KEYS OMITTED FOR BREVITY>>>>>>>
    Key ID: 00000000000000000200000000000500d682e8efb2150d0d5a76cb9d2c6b2dc00000000000000000
93df9acc-3d21-4f06-ba64-b99a0a66d504  VEK      XTS-AES-256  false
    Key ID: 00000000000000000200000000000500e00acebdcc4f5c43525e97e742426f1d0000000000000000
cluster1                       SVM-KEK  AES-256      true
    Key ID: 00000000000000000200000000000a009340adb7ef9d8923a67d7931302c15600000000000000000
23 entries were displayed.

 

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.