Brocade Fabric OS Command Reference (Supporting Fabric OS v7.3.0) User Manual
53-1003131-01
cryptoCfg
primary | secondary
Specifies the signing key vault as primary or secondary. This operand is valid only
with the TEKA, SKM, or KMIP key vault, which requires the CSR to be signed by
the primary or secondary vault. If both primary and secondary vaults are
configured, this command must be run once for the primary and once for the
secondary key vault from every node.
--set -keyvault
Sets the key vault type. This command is valid only on the group leader.
value
Specifies the key vault type. The default is set to no value. This operand is
required. Valid values for -keyvault include the following parameters:
LKM
Specifies the NetApp LKM appliance (trusted key vault).
DPM
Specifies the Data Protection Manager key repository.
SKM
Specifies one of the following: the HP Secure Key Manager (SKM) or the HP
Enterprise Secure Key Manager (ESKM). Both are opaque key repositories.
TEKA
Specifies the Thales e-Security keyAuthority (TEKA) key repository.
TKLM
Specifies the Tivoli Key Lifetime Manager (TKLM) key repository.
KMIP
Specifies the Key Management Interoperability Protocol (KMIP) key
repository.
--set -kvparam
Sets the key vault configuration parameters. These parameters must be
configured after setting the key vault type to KMIP, and before the key vault is
registered on the Brocade Encryption Switch.
ha transparent | opaque | disable
Sets the HA mode for key archival.
login disable | enableU | enableP
Sets the user name and password authentication after TLS connection to a client
device is requested. If you specify "enableU", only a user name is required to
identify the client device. If you specify "enableP", both a user name and a
password are required to identify the client device.
cert self | ca
Specifies the certificate type to use for the TLS connection.
loglevel warning | info | io | debug | trace
Changes the default logging level.
--show -kvparam
Displays all the configured KMIP key vault parameters.
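An added example, not part of the Brocade manual: a Python check that lints a planned list of cryptocfg commands against the operand values listed above and the rule that -kvparam is set after the key vault type is KMIP and before the vault is registered. The function name, the constructed sample script, the case-sensitive matching of values, and the `--reg -keyvault` registration operand (not shown on this page) are assumptions.

```python
import shlex
VAULT_TYPES = {"LKM", "DPM", "SKM", "TEKA", "TKLM", "KMIP"}  # values listed on this page
KVPARAMS = {
    "ha": {"transparent", "opaque", "disable"},
    "login": {"disable", "enableU", "enableP"},
    "cert": {"self", "ca"},
    "loglevel": {"warning", "info", "io", "debug", "trace"},
}

def lint_cryptocfg(script):
    """Return (line_no, message) findings for a planned cryptocfg command list."""
    findings, vault_type, registered = [], None, False
    for no, line in enumerate(script.splitlines(), 1):
        tok = shlex.split(line, comments=True)
        if not tok or tok[0].lower() != "cryptocfg":
            continue
        args = tok[1:]
        if args[:2] == ["--set", "-keyvault"]:
            if len(args) == 3 and args[2] in VAULT_TYPES:
                vault_type = args[2]
            else:
                findings.append((no, "invalid or missing key vault type"))
        elif args[:2] == ["--reg", "-keyvault"]:  # assumed registration operand
            registered = True
        elif args[:2] == ["--set", "-kvparam"]:
            if len(args) != 4 or args[3] not in KVPARAMS.get(args[2], ()):
                findings.append((no, "invalid -kvparam name or value"))
                continue
            if vault_type != "KMIP":
                findings.append((no, "-kvparam set before key vault type is KMIP"))
            if registered:
                findings.append((no, "-kvparam set after key vault registration"))
            if args[2:] == ["login", "disable"]:
                findings.append((no, "login disable: no user name or password required"))
    return findings

# Constructed sample change script; the angle-bracket text is a placeholder, not real arguments.
SAMPLE = """\
cryptocfg --set -kvparam ha opaque
cryptocfg --set -keyvault KMIP
cryptocfg --set -kvparam login disable
cryptocfg --set -kvparam cert ca
cryptocfg --set -kvparam loglevel verbose
cryptocfg --reg -keyvault <placeholder-arguments>
cryptocfg --set -kvparam login enableP
"""
if __name__ == "__main__":
    for no, msg in lint_cryptocfg(SAMPLE):
        print(f"line {no}: {msg}")
```

Run against a change script before it is applied on the group leader; an empty result means every -kvparam line uses a listed value and falls between the KMIP type selection and registration.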
--set -failbackmode
Sets the failback mode parameter. This parameter is set on the group leader. Valid
values for failback mode include the following parameters:
auto
Enables automatic failback. In this mode, failback occurs automatically within an
HA cluster when an encryption switch or blade that failed earlier has been
restored or replaced. Automatic failback mode is enabled by default.