Encryption KBs
Encryption KBs
Featured
NetApp Encryption Overview
NetApp offers both software and hardware based encryption technologies
NetApp offers both software and hardware based encryption technologies
FAQ: NVE and NAE
Frequently asked questions about NetApp Volume and NetApp Aggregate Encryption
Frequently asked questions about NetApp Volume and NetApp Aggregate Encryption
What is NetApp Storage Encryption
Full disk encryption that protects data at rest with no operational impact
Full disk encryption that protects data at rest with no operational impact
Other Resources
- What is the purpose of the arw.medium.encryption.percentage.threshold option in ONTAP 9.17.1?Fri, 27 Mar 2026
- Attempting to disable onboard key manager to delete disk encryption key failsFri, 13 Mar 2026
- How to enable OKM in ONTAP for non-MetroCluster environmentsFri, 06 Feb 2026
- Lun creation fails with "The Onboard Key Manager is already configured"Thu, 05 Feb 2026
- key-manager onboard enable fails due to timeout operationFri, 30 Jan 2026
- VEK keys got converted into AEK after ONTAP upgrade to 9.14.XFri, 30 Jan 2026
- Unable to configure data SVM key manager with NAE volumes in 9.16.1PxWed, 03 Dec 2025
- Failed to verify the backup blob after adding node to clusterMon, 03 Nov 2025
- Does ONTAP 9 support the ACME protocol for automated certificate management?Wed, 08 Oct 2025
- Does the SAN ARP entropy evaluation period apply to NAS volumes including VM datastores ?Fri, 03 Oct 2025
- TPM driver detaching at Boot in ONTAP 9.16.1 and higherMon, 29 Sep 2025
- Onboard keys not found after boot device replacementThu, 18 Sep 2025
- crypto.import.failed errors after re-initializing an ONTAP ClusterFri, 05 Sep 2025
- What is the config step in ONTAP when External Key Manager restore with same CAThu, 14 Aug 2025
- Volume creation fails in GCP as VEKs cannot be created for data SVMMon, 11 Aug 2025
- Newly created aggreagtes are not being encrypted after enabling OKMThu, 31 Jul 2025
- Does the server-CA certificate SwisscomRootCA1 need to be renewed manually?Thu, 31 Jul 2025
- Is it required to install SSL certificates for disk encryption?Tue, 29 Jul 2025
- Unable to modify EKM server-ca certificates due to errorMon, 21 Jul 2025
- External Key Manager reports SSL PEER VALIDATION errorFri, 20 Jun 2025
- ONTAP does not boot due to expired certificates in use with External Key ManagerFri, 27 Mar 2026
- Volume create or move fails when Onboard Key Manager is not in syncFri, 27 Mar 2026
- What is the purpose of the arw.medium.encryption.percentage.threshold option in ONTAP 9.17.1?Fri, 27 Mar 2026
- OKM: How to recover from a lost Cluster passphrase in ONTAP 9.6 and later when using NAETue, 24 Mar 2026
- NSE: How to enable drive authentication on a NSE spare drive replacementSat, 14 Mar 2026
- Attempting to disable onboard key manager to delete disk encryption key failsFri, 13 Mar 2026
- Error: command failed: This platform does not support data at rest encryptionMon, 09 Mar 2026
- key-manager onboard enable fails due to timeout operationMon, 09 Mar 2026
- Lun creation fails with "The Onboard Key Manager is already configured"Mon, 02 Mar 2026
- Newly created aggreagtes are not being encrypted after enabling OKMThu, 26 Feb 2026
- How to verify if external key manager is configuredTue, 17 Feb 2026
- How to restore external key manager server configuration from the ONTAP boot menuTue, 17 Feb 2026
- ONTAP 9 giveback operation was vetoed by keymanagerMon, 16 Feb 2026
- Enabling Onboard Key Manager (OKM) is failing with error: "Error: command failed: Multitenant key management requires an effective cluster version of 9.6.0 or later."Tue, 10 Feb 2026
- How to enable OKM in ONTAP for non-MetroCluster environmentsFri, 06 Feb 2026
- Failed to generate cluster key encryption key in kernelThu, 05 Feb 2026
- VEK key remains cached on node after NVE is deleted and removed from external key serverThu, 05 Feb 2026
- VEK keys got converted into AEK after ONTAP upgrade to 9.14.XFri, 30 Jan 2026
- Considerations for NSE while migrating to new External Key Manager serversMon, 26 Jan 2026
- Encryption error observed in SVMDR relationship on DST volumeWed, 14 Jan 2026
Highest rated
(rating)- How to determine if the running ONTAP version supports Data At Rest Encryption
- Error message of "mgmtgwd.certificate.expired" in event log
- Restore onboard key management encryption keys
- What will happen when my Autosupport Certificate in ONTAP expires?
- What are the software-based encryption capabilities in ONTAP?
- How to set pre-boot environment variables for NetApp Storage Encryption using KMIP servers
- External key servers unavailable on boot when using ifgrps with more than one digit in names as KMIP interfaces
- How does NVE and NAE encrypt data?
- The new client certificate public or private keys are different from the existing client certificate
- Nodes will not boot, error: Unable to restore data access on encrypting disk
- Error: Encryption is not enabled on the destination cluster
- How do I transition from the onboard key manager to an external key manager or conversely
- How to determine FIPS 140-2 or 140-3 certification number for encrypting drives
- How to rotate data authentication keys on a FIPS drive or SED
- Can deleted files be non-disruptively purged from NVE volumes?
Recently updated
(date updated)- ONTAP does not boot due to expired certificates in use with External Key Manager
- Volume create or move fails when Onboard Key Manager is not in sync
- What is the purpose of the arw.medium.encryption.percentage.threshold option in ONTAP 9.17.1?
- OKM: How to recover from a lost Cluster passphrase in ONTAP 9.6 and later when using NAE
- NSE: How to enable drive authentication on a NSE spare drive replacement
- Attempting to disable onboard key manager to delete disk encryption key fails
- Error: command failed: This platform does not support data at rest encryption
- key-manager onboard enable fails due to timeout operation
- Lun creation fails with "The Onboard Key Manager is already configured"
- Newly created aggreagtes are not being encrypted after enabling OKM
- How to verify if external key manager is configured
- How to restore external key manager server configuration from the ONTAP boot menu
- ONTAP 9 giveback operation was vetoed by keymanager
- Enabling Onboard Key Manager (OKM) is failing with error: "Error: command failed: Multitenant key management requires an effective cluster version of 9.6.0 or later."
- How to enable OKM in ONTAP for non-MetroCluster environments
Recently added
(date created)- What is the purpose of the arw.medium.encryption.percentage.threshold option in ONTAP 9.17.1?
- Attempting to disable onboard key manager to delete disk encryption key fails
- How to enable OKM in ONTAP for non-MetroCluster environments
- Lun creation fails with "The Onboard Key Manager is already configured"
- key-manager onboard enable fails due to timeout operation
- VEK keys got converted into AEK after ONTAP upgrade to 9.14.X
- Unable to configure data SVM key manager with NAE volumes in 9.16.1Px
- Failed to verify the backup blob after adding node to cluster
- Does ONTAP 9 support the ACME protocol for automated certificate management?
- Does the SAN ARP entropy evaluation period apply to NAS volumes including VM datastores ?
- TPM driver detaching at Boot in ONTAP 9.16.1 and higher
- Onboard keys not found after boot device replacement
- crypto.import.failed errors after re-initializing an ONTAP Cluster
- What is the config step in ONTAP when External Key Manager restore with same CA
- Volume creation fails in GCP as VEKs cannot be created for data SVM