Configuring LOCAL Keystore Encryption (CLI)

This procedure assumes that encryption was not previously set up on the appliance. For information about encryption properties, see Encryption Properties.

1. To set up the master passphrase, use the following CLI commands:

   hostname:> shares encryption
   hostname:shares encryption> show
   Children:
                                 okm => Manage encryption keys
                               local => Manage encryption keys
   
   hostname:shares encryption> local
   hostname:shares encryption local> show
   Properties:
                master_passphrase =
   
   Children:
                          keys => Manage this Keystore's Keys
   
   hostname:shares encryption local> set master_passphrase
   Enter new master_passphrase:
   Re-enter new master_passphrase:
                master_passphrase = *********

2. To create the first key, use the following CLI commands and type a keyname.

   This is the name used in the CLI and BUI when assigning a key to a project or share. You can either leave the key property blank and the system will generate a random key value, or you can enter a hex-encoded raw 256-bit key value.

   ---

   Note -  The keys are stored in an encrypted form using the master passphrase supplied. In this example, the system generates the key value.

   ---

   hostname:shares encryption local> keys create
   hostname:shares encryption local key (uncommitted)> show
   Properties:
                           cipher = AES
                              key =
                          keyname = (unset)
   hostname:shares encryption local key (uncommitted)> set keyname=MyFirstKey
                          keyname = MyFirstKey (uncommitted)
   hostname:shares encryption local key (uncommitted)> commit

Related Topics

• Configuring LOCAL Keystore Encryption (BUI)

• Configuring OKM Keystore Encryption (CLI)

• Creating an Encrypted Project (CLI)