topic SED disk encryption key query in AFF https://community.netapp.com/t5/AFF/SED-disk-encryption-key-query/m-p/435251#M1076 <P>Hi Experts.</P><P>On AFF cluster with 16 SED disks, I have assigned one of the key shown in the" security key-manager key show". Just wanted to check if this is ok, or do I need to assign a key from Node1 to node1 assigned disks and key from node2 to node2 assigned disks.</P><P>Also&nbsp;" security key-manager key show" displays at least a dozen of keys. Is it ok to use any one of the key for encryption purpose?</P><P>Note below display is edited and the key is just a arbitrary key.</P><P>CLUS1&gt; storage encryption disk show<BR />Disk Mode Data Key ID<BR />-------- ---- ----------------------------------------------------------------<BR />1.0.0 data 00000000000000000012345567788999000007AADFA22323929ADSDKSJ11111SS<BR />1.0.1 data 0000000000000000012345567788999000007AADFA22323929ADSDKSJ11111SS<BR />1.0.2 data 0000000000000000012345567788999000007AADFA22323929ADSDKSJ11111SS<BR />1.0.3 data 0000000000000000012345567788999000007AADFA22323929ADSDKSJ11111SS<BR />1.0.4 data 0000000000000000012345567788999000007AADFA22323929ADSDKSJ11111SS<BR />1.0.5 data 0000000000000000012345567788999000007AADFA22323929ADSDKSJ11111SS<BR />1.0.6 data 0000000000000000012345567788999000007AADFA22323929ADSDKSJ11111SS<BR />1.0.7 data 0000000000000000012345567788999000007AADFA22323929ADSDKSJ11111SS<BR />1.0.16 data 0000000000000000012345567788999000007AADFA22323929ADSDKSJ11111SS<BR />1.0.17 data 0000000000000000012345567788999000007AADFA22323929ADSDKSJ11111SS<BR />1.0.18 data 0000000000000000012345567788999000007AADFA22323929ADSDKSJ11111SS<BR />1.0.19 data 0000000000000000012345567788999000007AADFA22323929ADSDKSJ11111SS<BR />1.0.20 data 0000000000000000012345567788999000007AADFA22323929ADSDKSJ11111SS<BR />1.0.21 data 0000000000000000012345567788999000007AADFA22323929ADSDKSJ11111SS<BR />1.0.22 data 0000000000000000012345567788999000007AADFA22323929ADSDKSJ11111SS<BR />1.0.23 data 0000000000000000012345567788999000007AADFA22323929ADSDKSJ11111SS<BR />16 entries were displayed.</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 04 Jun 2025 10:00:59 GMT Baiju625 2025-06-04T10:00:59Z SED disk encryption key query https://community.netapp.com/t5/AFF/SED-disk-encryption-key-query/m-p/435251#M1076 <P>Hi Experts.</P><P>On AFF cluster with 16 SED disks, I have assigned one of the key shown in the" security key-manager key show". Just wanted to check if this is ok, or do I need to assign a key from Node1 to node1 assigned disks and key from node2 to node2 assigned disks.</P><P>Also&nbsp;" security key-manager key show" displays at least a dozen of keys. Is it ok to use any one of the key for encryption purpose?</P><P>Note below display is edited and the key is just a arbitrary key.</P><P>CLUS1&gt; storage encryption disk show<BR />Disk Mode Data Key ID<BR />-------- ---- ----------------------------------------------------------------<BR />1.0.0 data 00000000000000000012345567788999000007AADFA22323929ADSDKSJ11111SS<BR />1.0.1 data 0000000000000000012345567788999000007AADFA22323929ADSDKSJ11111SS<BR />1.0.2 data 0000000000000000012345567788999000007AADFA22323929ADSDKSJ11111SS<BR />1.0.3 data 0000000000000000012345567788999000007AADFA22323929ADSDKSJ11111SS<BR />1.0.4 data 0000000000000000012345567788999000007AADFA22323929ADSDKSJ11111SS<BR />1.0.5 data 0000000000000000012345567788999000007AADFA22323929ADSDKSJ11111SS<BR />1.0.6 data 0000000000000000012345567788999000007AADFA22323929ADSDKSJ11111SS<BR />1.0.7 data 0000000000000000012345567788999000007AADFA22323929ADSDKSJ11111SS<BR />1.0.16 data 0000000000000000012345567788999000007AADFA22323929ADSDKSJ11111SS<BR />1.0.17 data 0000000000000000012345567788999000007AADFA22323929ADSDKSJ11111SS<BR />1.0.18 data 0000000000000000012345567788999000007AADFA22323929ADSDKSJ11111SS<BR />1.0.19 data 0000000000000000012345567788999000007AADFA22323929ADSDKSJ11111SS<BR />1.0.20 data 0000000000000000012345567788999000007AADFA22323929ADSDKSJ11111SS<BR />1.0.21 data 0000000000000000012345567788999000007AADFA22323929ADSDKSJ11111SS<BR />1.0.22 data 0000000000000000012345567788999000007AADFA22323929ADSDKSJ11111SS<BR />1.0.23 data 0000000000000000012345567788999000007AADFA22323929ADSDKSJ11111SS<BR />16 entries were displayed.</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 04 Jun 2025 10:00:59 GMT https://community.netapp.com/t5/AFF/SED-disk-encryption-key-query/m-p/435251#M1076 Baiju625 2025-06-04T10:00:59Z Re: SED disk encryption key query https://community.netapp.com/t5/AFF/SED-disk-encryption-key-query/m-p/435287#M1078 <P><a href="https://community.netapp.com/t5/user/viewprofilepage/user-id/93760">@Baiju625</a>,</P><P>&nbsp;</P><P>Unless your security protocol requires you to use multiple keys then you are fine with just using on.&nbsp;</P><P>&nbsp;</P><P>Reference: <A href="https://docs.netapp.com/us-en/ontap/encryption-at-rest/enable-onboard-key-management-96-later-nse-task.html" target="_blank" rel="noopener">Enable onboard key management in ONTAP 9.6 and later</A> and <A href="https://docs.netapp.com/us-en/ontap/encryption-at-rest/assign-authentication-keys-seds-onboard-task.html" target="_blank" rel="noopener">Assign a data authentication key to a FIPS drive or SED (onboard key management)</A></P><P>&nbsp;</P><P data-unlink="true">You can also rotate the keys if that is required.&nbsp; KB: <A href="https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/How_to_rotate_encryption_keys_for_NetApp_Storage_Encryption_(NSE)" target="_blank" rel="noopener">How to rotate encryption keys for NetApp Storage Encryption (NSE)</A>, explains the process of rotating the keys for both External and Onboard key manager (OKM).</P><P data-unlink="true">&nbsp;</P><P data-unlink="true">Let us know if you have any follow up questions.</P><P data-unlink="true"><BR />Thanks,</P><P data-unlink="true">Brad</P><P>&nbsp;</P> Wed, 25 May 2022 02:03:30 GMT https://community.netapp.com/t5/AFF/SED-disk-encryption-key-query/m-p/435287#M1078 darb0505 2022-05-25T02:03:30Z