zkey kms import

Use the zkey kms import command to import secure keys from a key-management system into the secure key repository on your Linux instance. The default is to import all eligible keys.

zkey kms import syntax

zkey kms import [-K <key_type>] [-B <key_label>] [-N <key_name>] [-l <vol_name>:<dm_name>[,...]] [-t <vol_type>] [--no-volume-check] [-q]
Where:
-K or --key-type <key_type>
KMIP only. Specifies the type of the key to import. Possible values are:
  • CCA-AESDATA
  • CCA-AESCIPHER
  • EP11-AES

The key type must match the type of APQNs associated with the KMIP plug-in.

When cryptographic adapters in CCA coprocessor mode are associated with the KMIP plug-in, secure keys of type CCA-AESDATA and CCA-AESCIPHER are supported. The default type is CCA-AESDATA.

When cryptographic adapters in EP11 coprocessor mode are associated with the KMIP plug-in, secure keys of type EP11-AES are supported. The default type is EP11-AES.

-B or --label <key_label>
Specifies the label of the secure key in the KMS. Use wildcards to select multiple secure keys. If you use wildcards, enclose the value in quotation marks.
-N or --name <key_name>
Specifies the key name of the secure key.
-l or --volumes <vol_name>
Associates volumes with the key. Each volume association consists of the name of the block device, for example /dev/mapper/disk1, and the device-mapper name, separated by a colon.
Separate multiple volume associations with a comma, for example:
# zkey kms import -l /dev/mapper/disk1:enc-disk1,/dev/mapper/disk2:enc-disk2
-t or --volume-type <vol_type>
Specifies the volume type of the associated volumes used with dm-crypt. Possible values are PLAIN or LUKS2.
--no-volume-check
Omits the volume check, and imports the keys even if the associated volumes do not exist.
-q or --batch-mode
Suppresses prompts for names of existing keys. Keys with an existing name are skipped.
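
For unattended imports it helps to validate the -K, -l and -t values before zkey runs, so that a malformed volume association is caught by the script rather than during the import. The following is an added example, not part of the zkey documentation: the function names and the sample key label are hypothetical, and it assumes each volume association is split at its last colon.

```shell
#!/bin/sh
# Added example, not part of the zkey documentation. Function names are
# hypothetical; accepted values are the ones listed for -K, -l and -t.

valid_key_type() {      # values documented for -K
    case "$1" in CCA-AESDATA|CCA-AESCIPHER|EP11-AES) return 0 ;; esac
    return 1
}

valid_volume_type() {   # values documented for -t
    case "$1" in PLAIN|LUKS2) return 0 ;; esac
    return 1
}

# Succeeds if $1 is a comma-separated list of <vol_name>:<dm_name> pairs.
# Assumption: each pair is split at its last colon.
valid_volumes() {
    rest=$1
    while :; do
        pair=${rest%%,*}                      # text up to the first comma
        case "$pair" in *:*) ;; *) return 1 ;; esac
        vol=${pair%:*}; dm=${pair##*:}
        [ -n "$vol" ] && [ -n "$dm" ] || return 1
        case "$dm" in */*) return 1 ;; esac   # dm names cannot contain '/'
        [ "$pair" = "$rest" ] && return 0     # that was the last pair
        rest=${rest#*,}
    done
}

# Prints the import command for one key, or returns 1 with a reason on stderr.
# Args: <key_type> <key_label> <volumes> <vol_type>
build_import_cmd() {
    valid_key_type "$1"    || { echo "bad key type: $1" >&2; return 1; }
    [ -n "$2" ]            || { echo "empty key label" >&2; return 1; }
    case "$2$3" in *\'*) echo "single quote in argument" >&2; return 1 ;; esac
    valid_volumes "$3"     || { echo "bad volume list: $3" >&2; return 1; }
    valid_volume_type "$4" || { echo "bad volume type: $4" >&2; return 1; }
    # Quote the label so wildcards reach zkey unexpanded; -q skips keys whose
    # name already exists; --no-volume-check is left out on purpose.
    printf "zkey kms import -K %s -B '%s' -l '%s' -t %s -q\n" "$1" "$2" "$3" "$4"
}

# Dry run with constructed values (the key label is made up).
build_import_cmd EP11-AES 'disk1-key' \
    /dev/mapper/disk1:enc-disk1,/dev/mapper/disk2:enc-disk2 LUKS2
```

The script only prints the command, so it can be reviewed or logged before it is executed on the Linux instance.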