Description
Allows you to set the encryption level for a specified storage group on the QoreStor. You turn encryption on or off by using the --set ON or --set OFF command options. The --mode option sets the mode of key lifecycle management as one of the following:
- static—A global, fixed key is used to encrypt all data.
- internal—Content encryption keys are generated and rotated on a specified period of days.
If you select Internal as the mode of key management, you need to set the --interval option, which specifies the number of days for key rotation when a new key is to be generated.
|
NOTE: In Internal mode there is a maximum limit of 1023 keys. The key rotation period is set to 30 days by default when the passphrase is set and/or encryption is turned on. You can later change the key rotation period from 7 days to 70 years for internal mode. |
|
NOTE: After encryption is enabled, all of the data that is backed up is encrypted and is kept encrypted until it is expired and cleaned by the system cleaner. Note that encryption is an irreversible process. |
|
NOTE: Due to export regulations, the encryption at rest feature is not available in certain markets, and, therefore, may not be available in your locale. |
Syntax
storage_group --encryption --name <name> [--set <ON | OFF>] [--mode < static | internal >] [--interval <7 days to 70 years>]
Where
--name Name of the storage group. Valid values are [a-z,A-Z,0-9,'-' and '_'] and maximum of 32 characters. --set Valid values are On and Off. --mode Valid values are static and internal. --interval Valid values are between 7 days to 70 years (in days)
Result
Storage Group "StorageGroup_1" updated successfully.