zkey kms import
Use the zkey kms import command to import secure keys from a key-management system into the secure key repository on your Linux instance. The default is to import all eligible keys.
- -K or --key-type <key_type>
- KMIP only. Specifies the type of the key to import. Possible values are:
- CCA-AESDATA
- CCA-AESCIPHER
- EP11-AES
The key type must match the type of APQNs associated with the KMIP plug-in.
When cryptographic adapters in CCA coprocessor mode are associated with the KMIP plugin, secure keys of type CCA-AESDATA, and CCA-AESCIPHER are supported. The default type is CCA-AESDATA.
When cryptographic adapters in EP11 coprocessor mode are associated with the KMIP plugin, secure keys of type EP11-AES are supported. The default type is EP11-AES.
- -B or --label <key_label>
- Specifies the label of the secure key in the KMS. Use wildcards to select multiple secure keys. If you use wildcards, enclose the value in quotation marks.
- -N or --name <key_name>
- Specifies the key name of the secure key.
- -l or --volumes <vol_name>
- You can associate volumes with a key. Each volume association specifies
the name of the block device, for example /dev/mapper/disk1, and the device
mapper name separated by a colon.Separate multiple volume associations with a comma, for example:
# zkey kms import -l /dev/mapper/disk1:enc-disk1,/dev/mapper/disk2:enc-disk2
- -t or --volume-type <vol_type>
- Specifies the volume type of the associated volumes used with dm-crypt. Possible values are PLAIN or LUKS2
- --no-volume-check
- Omits the volume check, and imports the keys even if the associated volumes do not exist.
- -q or --batch-mode
- Suppresses prompts for names of existing keys. Keys with an existing name are skipped.