Configuring OKM Keystore Encryption (CLI)

To configure encryption using OKM, first set up the key manager server information, and then create keys. For information about encryption properties, see Encryption Properties.

Note:
If the Oracle ZFS Storage Appliance system is clustered, do not use the "one time passphrase" setting when creating the OKM server agent. If you use the "one time passphrase" setting in this situation, registration on the other cluster node will fail and keys will not be available on failover.

  1. Configure OKM keystore encryption.

    To configure OKM keystore encryption, set the agent ID, registration PIN (supplied by your OKM security officer), and server IP address. The show output below displays these properties after they have been set; the registration PIN is reported only as (set) and is never displayed in clear text.

    hostname:> shares encryption
    hostname:shares encryption> show
    Children:
                                local => Manage LOCAL keystore
                                  okm => Register keys with Oracle Key Manager
    
    hostname:shares encryption> okm
    hostname:shares encryption okm> show
    Properties:
                         agent_id = ExternalClient041
                 registration_pin = (set)
                      server_addr = 10.80.180.109
    
    Children:
                                keys => Manage this Keystore's Keys
  2. Create an OKM key.

    To create a key, set a key name and commit the new key. The cipher is AES and cannot be changed.

    hostname:shares encryption okm keys> create
    hostname:shares encryption okm key-372 (uncommitted)> ls
    Properties:
                           cipher = AES
                          keyname = (unset)
    hostname:shares encryption okm key-372 (uncommitted)> set keyname=anykey
                          keyname = anykey (uncommitted)
    hostname:shares encryption okm key-372 (uncommitted)> commit
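As an added example that is not part of the Oracle documentation, the following Python helper parses the Properties section of the appliance show/ls output from steps 1 and 2 and reports whether the OKM registration is complete and whether an uncommitted key is ready to commit. The sample output strings are constructed from the session above.

```python
import ipaddress
import re

# Sample CLI output, constructed from the step 1 and step 2 transcripts above.
OKM_SHOW = """\
Properties:
                     agent_id = ExternalClient041
             registration_pin = (set)
                  server_addr = 10.80.180.109

Children:
                            keys => Manage this Keystore's Keys
"""

KEY_SHOW = """\
Properties:
                       cipher = AES
                      keyname = (unset)
"""

PROP_RE = re.compile(r"^\s*(\w+)\s*=\s*(.*?)\s*$")


def parse_properties(output):
    """Return the 'Properties:' section of a show/ls listing as a dict.
    Parsing stops at 'Children:'; '(uncommitted)' markers are dropped."""
    props, in_props = {}, False
    for line in output.splitlines():
        if line.strip() == "Properties:":
            in_props = True
            continue
        if line.strip() == "Children:":
            break
        m = PROP_RE.match(line) if in_props else None
        if m:
            props[m.group(1)] = m.group(2).replace("(uncommitted)", "").strip()
    return props


def okm_registration_problems(props):
    """List what is still missing on the okm node before keys can be created."""
    problems = []
    if not props.get("agent_id"):
        problems.append("agent_id is not set")
    if props.get("registration_pin") != "(set)":  # PIN is only ever shown as (set)
        problems.append("registration_pin has not been entered")
    try:
        ipaddress.ip_address(props.get("server_addr", ""))
    except ValueError:
        problems.append("server_addr is not a valid IP address")
    return problems


def key_ready_to_commit(props):
    """True only when the uncommitted key has a real name and the cipher is AES."""
    name = props.get("keyname", "(unset)")
    return name not in ("", "(unset)") and props.get("cipher") == "AES"
```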