You launch the Storage Encryption setup wizard by using the key_manager setup command. You should run the Storage Encryption setup wizard after you complete setup of the storage system and the storage volumes or when you need to change Storage Encryption settings after initial setup.
The following command launches the Storage Encryption setup wizard and shows an example of how to configure Storage Encryption:
storage-system*> key_manager setup Found client certificate file client.pem. Registration successful for client.pem. Found client private key file client_private.pem. Is this file protected by a passphrase? [no]: Registration successful for client_private.pem. Enter the IP address for a key server, 'q' to quit: 172.22.192.192 Enter the IP address for a key server, 'q' to quit: q Enter the TCP port number for kmip server  : You will now be prompted to enter a key tag name. The key tag name is used to identify all keys belonging to this Data ONTAP system. The default key tag name is based on the system's hostname. Would you like to use <storage-system> as the default key tag name? [yes]: Registering 1 key servers... Found client CA certificate file 172.22.192.192_CA.pem. Registration successful for 172.22.192.192_CA.pem. Registration complete. You will now be prompted for a subset of your network configuration setup. These parameters will define a pre-boot network environment allowing secure connections to the registered key server(s). Enter network interface: e0a Enter IP address: 172.16.132.165 Enter netmask: 255.255.252.0 Enter gateway: 172.16.132.1 Do you wish to enter or generate a passphrase for the system's encrypting drives at this time? [yes]: yes Would you like the system to autogenerate a passphrase? [yes]: yes Key ID: 080CDCB20000000001000000000000003FE505B0C5E3E76061EE48E02A29822C Make sure that you keep a copy of your passphrase, key ID, and key tag name in a secure location in case it is ever needed for recovery purposes. Should the system lock all encrypting drives at this time? yes Completed rekey on 4 disks: 4 successes, 0 failures, including 0 unknown key and 0 authentication failures. Completed lock on 4 disks: 4 successes, 0 failures, including 0 unknown key and 0 authentication failures.