If encryption is enabled with encryption type CIPHER_TRUST_KMIP (where encryption keys are managed externally on Thales Group CipherTrust Data Security Platform), this command generates a new version of the master key. The master key is used by the cluster to encrypt the data encryption keys when they are retrieved from the EKM and distributed by the cluster node that hosts the encryption service client to other cluster nodes.
The master key is generated by the cluster and should not be rotated from the EKM itself.
Usage
cluster rotate-master-encryption-group-key
Example
vcli: admin> cluster rotate-master-encryption-group-key Are you sure you want to rotate Master encryption group key? [y/N] y Master encryption group key was rotated successfully.