Procedure
Run the following command on any node in the cluster to view the master key IDs used by all encrypted volumes in the cluster:
zbs-meta kms list_master_keyOutput example
Id Encrypt Type Volume Num Snapshot Num
---------------------------------------- -------------- ------------ --------------
nmk_02842077-715d-4562-a98d-36efa518cafb AES256_CTR 0 0Output note
| Parameter | Description |
|---|---|
Id | The ID of the cluster master key. |
Encrypt Type | The encryption algorithm type. |
Volume Num | The number of volumes that use this master key. |
Snapshot Num | The number of snapshots that use this master key. |
Procedure
Run the following command on any node in the cluster to rotate the cluster's master key:
zbs-meta kms rotate_key <provider_id>| Parameter | Description |
|---|---|
provider_id | The ID of the key management service. |
Output example
If the command succeeds, no output is displayed.
Procedure
Run the following command on any node in the cluster to export the encryption keys for all encrypted volumes:
zbs-meta kms export_key --dek_encrypt_password <DEK_ENCRYPT_PASSWORD> --output <OUTPUT>| Parameter | Description |
|---|---|
<DEK_ENCRYPT_PASSWORD> | The password used to export the encrypted volumes. |
<OUTPUT> | The file path to save the exported keys. |
Output example
If the command succeeds, no output is displayed.
Procedure
Run the following command on any node in the cluster to import the keys for the cluster:
zbs-meta kms import_key --dek_decrypt_password <DEK_DECRYPT_PASSWORD> --input <INPUT>| Parameter | Description |
|---|---|
<DEK_DECRYPT_PASSWORD> | The password used to import the keys, which must be the same as the password used during export. |
<INPUT> | The file path to import the keys. |
Output example
If the command succeeds, no output is displayed.