Invoke-HcsmEncryptionKeyRollover
Invoke-HcsmEncryptionKeyRollover
Changes a service data encryption key.
Syntax
Parameter Set: Default
Invoke-HcsmEncryptionKeyRollover [-ServiceDataEncryptionKey <SecureString> ] [ <CommonParameters>]
Detailed Description
The Invoke-HcsmServiceDataEncryptionKeyChange cmdlet changes a service data encryption key for StorSimple Manager. Configure the new key on all registered devices. When you run this cmdlet on the first device to update, the cmdlet creates a key. For all other registered devices, specify that key as the value of the ServiceDataEncryptionKey parameter.
Parameters
-ServiceDataEncryptionKey<SecureString>
Specifies the new encryption key as a secure string. Do not specify this parameter for the first of the registered devices that you update.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
<CommonParameters>
This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/p/?LinkID=113216).
Inputs
The input type is the type of the objects that you can pipe to the cmdlet.
Outputs
The output type is the type of the objects that the cmdlet emits.
Examples
---------- Example 1: Configure key for first device ----------
This command configures the device to generate and use a new service data encryption key. To change encryption keys on your devices, run this command on the first device. The cmdlet generates a password to use on other devices.
PS C:\> Invoke-HcsmServiceDataEncryptionKeyChange
---------- Example 2: Configure key for subsequent devices ----------
The first command uses the ConvertTo-SecureString cmdlet to convert a plaintext password into a secure string, and then stores the result in the $passKey variable. For more information, type Get-Help ConvertTo-SecureString. The password that the command converts is the password that you generated on the first device, as in the previous example.
The second command uses the current cmdlet to configure the device to use the new service data encryption key. The command specifies the password stored in $passKey.
PS C:\> $passKey = ConvertTo-SecureString -String "Password" -AsPlainText -Force
PS C:\> Invoke-HcsmServiceDataEncryptionKeyChange –ServiceDataEncryptionKey $passKey