删除 NVE 并从外部密钥服务器中删除后,VEK 密钥仍缓存在节点上
适用于
- ONTAP 9
- 外部密钥服务器
- NetApp 卷加密 (NetApp Volume Encryption, NVE)
问题
- 删除 NVE 卷后,已删除卷的 key-id 仍缓存在节点上:
Cluster::> security key-manager key query -restored false Node: cluster-01 Vserver: svm_cluster Key Manager: 10.XX.XX.XX:5696 Key Manager Type: KMIP
Key Tag Key Type Restored------------------------------------ -------- --------c9541486-4cc8-11ec-9221-00a0985b948b VEK false Key ID: 000000000000000002000000000005001b8ca4b682e533dfc5cfc5a77acb28c40000000000000000
- 尝试还原密钥时,将报告以下错误:
::> security key-manager external restore
Warning: Unable to list entries on node cluster-01. KMIP "Get" command failed on external key server "10.XX.XX.XX:5696". Cryptsoft error: "Response status: OPERATION_FAILED. Reason: ITEM_NOT_FOUND. Message: No Cryptographic Object found with given Unique Identifier".