Enabled KMS encryption for Local LSU
To enable KMS encryption configurations for local LSU, you can create a configuration file and then run the nbdevconfig command.
Configuration file contents for updating encryption configurations are as follows:
Configuration setting | Description |
|---|---|
V7.5 "operation" "set-local-lsu-kms-property" string | You can only update the KMS status from disabled to enabled. |
V7.5 "encryption" "1" string | Specifies encryption status. This value must be 1. |
V7.5 "kmsenabled" "1" string | Specifies the KMS status. This value must be 1. |
V7.5 "kmsservertype" "0" string | Specifies the KMS server type. This value must be 0. |
V7.5 "kmsservername" "" string | KMS server name that is shared among all LSUs. |
V7.5 "keygroupname" "" string | Key group name must have valid characters: A-Z, a-z, 0-9, _ (underscore), - (hyphen), : (colon), . (period), and space. |
Example to enable KMS status for local LSU:
V7.5 "operation" "set-local-lsu-kms-property" string V7.5 "encryption" "1" string V7.5 "kmsenabled" "1" string V7.5 "kmsservertype" "0" string V7.5 "kmsservername" "xxxxxx" string V7.5 "keygroupname" "xxxxx" string
Note:
All encrypted LSUs in one storage server must use the same keygroupname and kmsservername. KMS server must be configured. Key group and Key exist in KMS server.