Maintaining Keys

Back up the encryption key information to ensure that encrypted cluster file systems remain accessible. Backing up this information is important in cases where the keys in the CCR have been deleted inadvertently. If one or more keys become unavailable, any encrypted cluster file systems that use those keys become inaccessible.

Keys might become unavailable if you perform any of the following actions:

  • Delete a key

  • Roll back to an Oracle Solaris Cluster release that does not support encryption

  • Roll back to an Oracle Solaris Cluster release in which no keys are configured

To record encryption key information, write down the key name and its associated encryption key value or save this information to a file that only you can read.

For example, the following commands save the key name and its associated encryption key value to a file called ~/osck that only you can read:

phys-schost# cldevicegroup key-list -v >~/osck
phys-schost# chmod 400 ~/osck
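
The commands above create ~/osck under the current umask and restrict it only afterwards. The following added example (not from the Oracle documentation) creates the file owner-only from the start and refuses to replace an existing backup with empty output; the function name save_key_backup is hypothetical.

```shell
#!/bin/sh
# Added example, not from the Oracle documentation.
# save_key_backup is a hypothetical helper: it reads a key listing on stdin
# and stores it in FILE so that the data is never readable by other users.
#
# Intended use on a cluster node (command taken from the page):
#   cldevicegroup key-list -v | save_key_backup "$HOME/osck"

save_key_backup() {
    dest=$1
    if [ -z "$dest" ]; then
        echo "usage: save_key_backup FILE" >&2
        return 2
    fi

    (
        # Owner-only from the moment of creation; the subshell keeps the
        # umask change from leaking into the caller's session.
        umask 077
        tmp="$dest.tmp.$$"

        # Write to a temporary file first so that a failed or empty listing
        # never truncates an existing good backup.
        if cat >"$tmp" && [ -s "$tmp" ] &&
           chmod 400 "$tmp" && mv -f "$tmp" "$dest"; then
            exit 0
        fi
        rm -f "$tmp"
        echo "save_key_backup: no key data saved to $dest" >&2
        exit 1
    ) || return 1

    # Confirm the result: regular file, read-only for the owner, nothing else.
    mode=$(ls -ld "$dest" | cut -c1-10)
    if [ "$mode" != "-r--------" ]; then
        echo "save_key_backup: unexpected permissions $mode on $dest" >&2
        return 1
    fi
    return 0
}
```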

Note: For more information about configuring encryption, see Configuring Encryption for a Globally Mounted ZFS File System.