Brocade Communications Systems 1606 Command Reference Manual page 171

--create -encgroup
--delete -encgroup
--reg -keyvault
--dereg -keyvault
Fabric OS Command Reference
53-1001337-01
Creates an encryption group. The node on which this command is invoked
becomes the group leader. You must specify a name when creating an
encryption group.
encryption_group_name
Specifies the name of the encryption group to be created. The name can be
up to 15 characters long and include alphanumeric characters and
underscores. White space, hyphens, and other special characters are not
permitted.
Deletes an encryption group with the specified name. This command is valid
only on the group leader. This command fails if the encryption group has
more than one node, or if any HA cluster configurations, CryptoTarget
container/LUN configurations, or tape pool configurations exist in the
encryption group. Remove excess member nodes and clear all HA cluster,
CryptoTarget container/LUN, or tape pool configurations before deleting an
encryption group.
encryption_group_name
Specifies the name of the encryption group to be deleted. This operand is
required when deleting an encryption group.
Registers the specified key vault (primary or secondary) with the encryption
engines of all nodes present in an encryption group. Upon successful
registration, a connection to the key vault is automatically established. This
command is valid only on the group leader. Registered certificates are
distributed from the group leader to all member nodes in the encryption
group. Each node in the encryption group distributes the certificates to their
respective encryption engines.
The following operands are required when registering a key vault:
cert_label Specifies the key vault certificate label. This is a user-generated name for the
specified key vault. Use cryptocfg --show -groupcfg to view the key vault
label after registration is complete.
certfile Specifies the certificate file. This file must be imported prior to registering the
key vault and reside in the predetermined directory where certificates are
stored. In the case of the HP SKM, this operand specifies the CA file, which is
the certificate of the signing authority on the SKM. Use --show -file -all for a
listing of imported certificates.
hostname | ip_address
Specifies the key vault by providing either a host name or IP address. If you
are registering a key vault that is part of an RKM cluster, the value for
ip_address is the virtual IP address for the RKM cluster and not the address
of the actual key vault.
primary | secondary
Specifies the key vault as either primary or secondary. The secondary key
vault serves as backup.
Removes the registration for a specified key vault. The key vault registration is
identified by specifying the certificate label. Removing a key vault registration
disconnects the key vault. This command is valid only on the group leader.
2
cryptoCfg
141