About the Internal Key Management Service
This section provides a brief introduction to the internal key management service.
OceanStor Dorado V6 series storage systems provide the internal key management service for disk encryption. The service supports:
- Lifecycle management for disk encryption keys, such as creating, updating, obtaining, and deleting keys.
- Backup and recovery of disk encryption keys.
When internal key management is enabled, the storage system uses the AES256 algorithm to encrypt private keys for storage. The keys are saved in the storage system and backed up on all controllers. To ensure high reliability of the storage system and to guard against damage to or loss of all keys and their backups, you are advised to enable automatic key backup. Automatic key backup uploads a copy of the keys to the specified FTP or SFTP server whenever keys are created, updated, or deleted, or when the key backup configuration is changed (initial configuration or a change of the backup server address).
If all keys are damaged or lost, the self-encrypting drives (SEDs) in the self-encrypting storage pool cannot be identified, resulting in data loss.