Oracle® ZFS Storage Appliance Administration Guide, Release OS8.7.0

Updated: July 2017
 
 

Configuring OKM Keystore Encryption (CLI)

To use the Oracle Key Manager (OKM) keystore, configure the following parameters:

  • agent_id

  • registration_pin (supplied by your OKM security officer)

  • server_addr

For information about encryption properties, see Encryption Properties.


Note - If the appliance is clustered, do not use the "one time passphrase" setting when creating the OKM server agent; otherwise, registration on the other cluster node will fail and keys will not be available on failover.

  1. To configure OKM keystore encryption, use the following CLI commands:
    hostname:> shares encryption
    hostname:shares encryption> show
    Children:
                                 okm => Manage encryption keys
                               local => Manage encryption keys
    
    hostname:shares encryption> okm
    hostname:shares encryption okm> show
    Properties:
                         agent_id = ExternalClient041
                 registration_pin = *********
                      server_addr = 10.80.180.109
    
    Children:
                                keys => Manage this Keystore's Keys
    
  2. To create an OKM key, use the following CLI commands:
    hostname:shares (pool-290-A) encryption okm keys>
    hostname:shares (pool-290-A) encryption okm keys> create
    hostname:shares (pool-290-A) encryption okm key-372 (uncommitted)> ls
    Properties:
                           cipher = AES
                          keyname = (unset)
    hostname:shares (pool-290-A) encryption okm key-372 (uncommitted)> set keyname=anykey
                          keyname = anykey (uncommitted)
    hostname:shares (pool-290-A) encryption okm key-372 (uncommitted)> commit