Keymgmt Import

Imports the content of a credential store into another credential store, imports a named encryption key into a server ID file, or imports a shared encryption key used for DAOS object encryption previously exported from one credential store into another credential store. Performed after keymgmt export.

Details

Use this command to:
  • Import previously-exported credential store contents into a credential store. For example, do this when switching from single-server credential store configuration to a cluster configuration or vice versa.
  • Import a named encryption key that you previously exported from a server ID file into a server ID file on another server that is in a cluster and needs to support the credential store configured for that cluster.
  • Import a shared encryption key that you previously exported from one credential store into another credential store. A shared encryption key is used to encrypt DAOS objects across servers.

Syntax: Import exported credential store content into a credential store

To import credential store content exported through keymgmt export into a credential store, enter the following command from the server with the credential store:
keymgmt import credstore <database> 
where <database> is the database with the exported content that you've copied to the data directory of the server.
For example,
keymgmt import credstore credstorecopy.nsf

The database content is decrypted with the private key of the local server, added to the local credential store, and encrypted with the credential store named encryption key.

Syntax: Import a named encryption key

Use the following command to import a named encryption key that was exported from another server ID file to a password-protected file through keymgmt export. The command imports the key into the server ID file and deletes the password-protected file. You must copy the exported key file to the server program directory before issuing the command.
keymgmt import nek <nekname>.key <password>

where <nekname> is the name of the key and <password> is a password that you created for the key file.

For example:
keymgmt import nek credstorekey.key passw0rd
Note: If there is already a named encryption key with the specified name in the server ID file and you want to replace its key, use the overwrite flag. For example:
keymgmt import nek overwrite credstorekey.key passw0rd

Syntax: Import a shared encryption key into a credential store

From the console of the server to which you saved the databases with the exported shared key, run the following command to import the key into the credential store used by the server:

keymgmt import credstore <database> 

where <database> is the file name of the database that contains the shared key that was previously exported.

For example:
keymgmt import credstore exportdb.nsf
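
The nek form above takes the key-file password as a command argument, so any transcript of these commands that is pasted into a ticket or runbook carries that password. The following is an added example, not part of the product or this documentation: a Python scrubber that recognizes the import forms shown on this page, redacts the password, and records which imports ran. The "> " prompt prefix and the sample lines are constructed assumptions, not a product log format.

```python
import re

# Import forms documented on this page:
#   keymgmt import credstore <database>
#   keymgmt import nek [overwrite] <nekname>.key <password>
# Everything after the key file is treated as the password (over-redaction is safer).
NEK_RE = re.compile(
    r"\bkeymgmt\s+import\s+nek\s+(?:(?P<overwrite>overwrite)\s+)?"
    r"(?P<keyfile>\S+\.key)\s+(?P<password>\S.*?)\s*$",
    re.IGNORECASE,
)
CREDSTORE_RE = re.compile(
    r"\bkeymgmt\s+import\s+credstore\s+(?P<database>\S+)", re.IGNORECASE
)

def scrub_line(line):
    """Return (redacted_line, event); event is None when no import command is found."""
    m = NEK_RE.search(line)
    if m:
        event = {
            "kind": "nek",
            "keyfile": m.group("keyfile"),
            "overwrite": m.group("overwrite") is not None,
        }
        redacted = line[: m.start("password")] + "<redacted>" + line[m.end("password"):]
        return redacted, event
    m = CREDSTORE_RE.search(line)
    if m:
        return line, {"kind": "credstore", "database": m.group("database")}
    return line, None

def scrub_log(lines):
    """Scrub every line; return the cleaned lines and the list of import events."""
    cleaned, events = [], []
    for line in lines:
        out, event = scrub_line(line)
        cleaned.append(out)
        if event:
            events.append(event)
    return cleaned, events

# Constructed sample transcript (assumed "> " prompt; commands taken from this page).
SAMPLE = [
    "> keymgmt import credstore credstorecopy.nsf",
    "> keymgmt import nek credstorekey.key passw0rd",
    "> keymgmt import nek overwrite credstorekey.key passw0rd",
    "> show server",
]

if __name__ == "__main__":
    cleaned, events = scrub_log(SAMPLE)
    print("\n".join(cleaned))
    print(events)
```

The event list also surfaces every use of the overwrite flag, which replaces an existing named encryption key and is worth reviewing separately.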