Enable volume encryption on demand | NetApp | Page 1

desert crystal Mar 26, 2025, 9:59 AM

#

Hello,

As provided in this doc: https://docs.netapp.com/us-en/ontap/encryption-at-rest/configure-netapp-volume-encryption-concept.html#support-details newly created aggregates and volumes are encrypted by default when you add a volume encryption (VE) license and have an onboard or external key manager configured.
Do you know how to disable this default behavior, and activate encryption only when needed for new volumes ?

Configure NetApp Volume Encryption overview

NetApp Volume Encryption (NVE) is a software-based technology for encrypting data at rest one volume at a time. An encryption key accessible only to the stor...

gloomy belfry Mar 26, 2025, 10:23 AM

#

If your aggregates have the “encrypt with aggregate key” option enabled, you have no choice. New volumes by default will have NAE. You can specify in the command line when making the volume to use NVE instead but it will still be encrypted. Any volume on an encryption enabled aggregate must be encrypted

If your aggregates do not have the encrypt with aggregate key enabled then the default will be to encrypt using NVE. You can override this on the command line with I think “-encrypt false”

desert crystal Mar 26, 2025, 3:02 PM

#

Thank you for your response, one of my colleges has found an option to disable default encryption: https://kb.netapp.com/on-prem/ontap/DM/Encryption/Encryption-KBs/How_to_disable_default_encryption_in_ONTAP__9.7

NetApp Knowledge Base

How to disable default encryption in ONTAP 9.7

#Enable volume encryption on demand