KMS operations using command-line interface (CLI)

The following topics describe the KMS operations that can be performed using command-line interface (CLI):

CLI usage help
See CLI usage help.
Create a new key group
See Create a new key group.
Create a new key
See Create a new key.
Modify key group attributes
See Modify key group attributes.
Modify key attributes
See Modify key attributes.
Get details of key groups
See Get details of key groups.
Get details of keys
See Get details of keys.
Delete a key group
See Delete a key group.
Delete a key
See Delete a key.
Recover a key
See Recover a key.
Modify host master key (HMK)
See Modify host master key (HMK).
Get host master key (HMK) ID
See Get host master key (HMK) ID.
Modify key protection key (KPK)
See Modify key protection key (KPK).
Get key protection key (KPK) ID
See Get key protection key (KPK) ID.
Get keystore statistics
See Get keystore statistics.
Quiesce KMS database
See Quiesce KMS database.
Unquiesce KMS database
See Unquiesce KMS database.

KMS operations with multiperson authorization

The following KMS operations support multiperson authorization:

Starting with NetBackup 10.5, if multiperson authorization is enabled for a key management operation, bpnbat -login is required for this operation. A multiperson authorization ticket is generated and after the ticket is approved, an empty key database is created. For NetBackup releases earlier than 10.5, if multiperson authorization is enabled, you cannot perform the -createemptydb operation.

nbkms

-createemptydb

Starting with NetBackup 10.5, if multiperson authorization is enabled for a key management operation, a ticket is generated. After the multiperson authorization ticket is approved, KMS is configured. For NetBackup releases earlier than 10.5, if multiperson authorization is enabled, you cannot perform nbkmsutil operations.

nbkmsutil

-createkg
-createkey
-modifykg
-modifykey
-deletekg
-deletekey
-modifyhmk
-modifykpk
-export
-import
-recoverkey

Starting with NetBackup 10.5, if multiperson authorization is enabled for a key management operation, bpnbat -login is required for all the nbkmscmd operations. A multiperson authorization ticket is generated and after the ticket is approved, the KMS operation is performed. For NetBackup releases earlier than 10.5, if multiperson authorization is enabled, you cannot perform nbkmscmd operations.

bpnbat -login is required for the nbkmscmd operations that modify or delete the KMS configuration.

nbkmscmd

-configureKMS
-deleteKMSConfig
-updateKMSConfig
-deleteCredential
-updateCredential
-createKey

KMS operations using command-line interface (CLI)

Feedback

Feedback