Example: Use Multiple Unlock Keys
The following output is an example of a ybcli session in which the keystore is created and enabled with multiple unlock keys.
In this example, the system generates 5 unlock keys, but only 3 of them are required to unlock the keystore. This means that you can distribute the 5 keys to 5 different people in your organization; any 3 of those people must then be present when the keystore needs to be unlocked. The keystore cannot be unlocked with fewer than 3 keys.
For an example of the complete encryption setup procedure, see Example: Set Up the Keystore and Enable Encryption.
1. Set Up the Keystore
Run the keystore setup command:
YBCLI(8183) (PRIMARY - yb100-mgr0)> keystore setup
Setting up the keystore. Standby...
The system will generate two types of keys:
-> A single authentication key
-> One or more keys to unlock the keystore
At least one of each type of key is required.
Note: You can request up to 5 keystore unlock keys. In this way, multiple administrators can unlock the keystore
using a combination of keys. No single key has to be distributed to a single administrator.
How many unlock keys should be generated for the keystore? (1 to 5): 5
How many unlock keys should be required to unlock the keystore? (2 to 5): 3
Successfully initialized the keystore. Please store the keys listed below in a secure location.
The following 3 keys are used to unlock the keystore after system bootup or failover:
Note: 3 of 5 key(s) are required for unlocking the keystore.
Keystore unlock key 1: 6bfeae96d9953905ba36a7683b7c2c76648cc91d71adff29ce3155089d06c2bcec
Keystore unlock key 2: 514f10d8aec2d6719bbaf898fdb236b6eedb716a2df8d04e05fb076631db2159b1
Keystore unlock key 3: 69cea90c851a8bf7abab7684677f8fa6db036c1794f03da6137ce084a0c1c09dc2
Keystore unlock key 4: c50b770062675d6716e5313390dc6e29077e87eb388dacc8ed1d75a6cddd26877a
Keystore unlock key 5: a8127657aa0b4a973e151351b9c511e2f112ff2fdd1056cb25b6bf055113eb32b0
The following key is used to authenticate to the keystore (required by any encryption command):
Authentication key: 52ea8341-aa63-fe31-deb2-49dd34340864
Keys have been generated. Please store them in a safe place.
Do you want to create a backup of the keystore?
Response (yes/no): yes
Stopping the keystore service before backup. Standby... Done
Backing up keystore. Standby... Done
Starting the keystore service after backup. Standby... Done
The keystore has been backed up successfully to:
/tmp/ybd-ks-09-18-2019-11-50-20.tar.gz
Please copy the backup to another machine. The backup is located on this system at:
yb98-mgr0:/tmp/ybd-ks-09-18-2019-11-50-20.tar.gz
MD5: 2dc47c7203682ee6327d090624d0fcc8
Note: You can use the log keystore command to see audit log entries for keystore operations.
2. Store the Keys Safely and Copy the Backup File
Copy and paste all of the generated keys from the screen output into a text file, then store the file in a safe location. Also copy the keystore backup file to a secure location.
3. Enable Encryption
Run the encryption enable command:
YBCLI(8183) (PRIMARY - yb100-mgr0)> encryption enable
Are you sure you want to enable encryption system wide?
WARNING: Enabling encryption means this system will have to be unlocked after every power-cycle.
Also make sure to have the keys for the keystore available in a secure place. These are needed to unlock both the system and the drives.
Response (yes/no): yes
Do you want this command to show the actual drive keys generated?
WARNING: The keys will be shown in clear text. Saying no below will not display the keys.
Response (yes/no): yes
WARNING: The keystore is locked. Initiating unlocking
Please enter an unlock key to begin unlocking the keystore:
Key ->
Key was submitted to the keystore but it is not yet fully unlocked.
Do you want to enter another key?
Note: The keystore maintains its state; if needed, you can enter the remaining key(s) later.
If the system restarts or fails over, you will have to enter all of the keys again.
Response (yes/no): yes
Please enter another keystore key to continue unlocking the keystore (Progress: 1/3):
Key ->
Key was submitted to the keystore but it is not yet fully unlocked.
Do you want to enter another key?
Note: The keystore maintains its state; if needed, you can enter the remaining key(s) later.
If the system restarts or fails over, you will have to enter all of the keys again.
Response (yes/no): yes
Please enter another keystore key to continue unlocking the keystore (Progress: 2/3):
Key ->
Verifying keystore status. Standby...
Keystore locked: NO
Keystore was successfully unlocked
Authenticating to the keystore for this YBCLI session. Standby...
Please enter keystore authentication key:
Key ->
Key accepted. This session is authenticated for the next 10 minutes or until YBCLI exits.
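The 3-of-5 behaviour shown in this session (any 3 of the 5 unlock keys, submitted one at a time, with progress reported and state kept between submissions) can be modelled with threshold secret sharing. The following Python model is an added illustration, not ybcli code: the page does not state how ybcli derives its unlock keys, and the prime field, the SHA-256 fingerprint check and the `Keystore` class are assumptions of this example.

```python
import hashlib
import secrets

# Assumed prime field for the example (2^255 - 19); any prime larger than the secret works.
P = 2**255 - 19
N_KEYS, THRESHOLD = 5, 3  # the page's scenario: 5 unlock keys issued, 3 required


def split_secret(secret: int, n: int, k: int) -> list[tuple[int, int]]:
    """Shamir split: random polynomial of degree k-1 whose constant term is the secret."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P)
            for x in range(1, n + 1)]


def recover_secret(shares: list[tuple[int, int]]) -> int:
    """Lagrange interpolation at x=0; correct only when >= k distinct valid shares are given."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


class Keystore:
    """Accepts unlock keys one at a time, like the 'Progress: 1/3' prompts in the session."""

    def __init__(self, master: int, n: int, k: int):
        self.k = k
        self.fingerprint = hashlib.sha256(master.to_bytes(32, "big")).hexdigest()
        self.unlock_keys = split_secret(master, n, k)  # hand one share to each administrator
        self.submitted: dict[int, int] = {}  # persists until restart or failover clears it
        self.master = None

    def submit(self, share: tuple[int, int]) -> str:
        self.submitted[share[0]] = share[1]  # resubmitting the same key does not count twice
        if len(self.submitted) < self.k:
            return f"locked (Progress: {len(self.submitted)}/{self.k})"
        candidate = recover_secret(list(self.submitted.items()))
        if hashlib.sha256(candidate.to_bytes(32, "big")).hexdigest() != self.fingerprint:
            return "locked (a submitted key was invalid)"
        self.master = candidate
        return "unlocked"

    def locked(self) -> bool:
        return self.master is None


def demo() -> list[str]:
    ks = Keystore(secrets.randbelow(P), N_KEYS, THRESHOLD)
    k1, k2, k3, k4, k5 = ks.unlock_keys
    return [ks.submit(k2), ks.submit(k5), ks.submit(k1)]  # any 3 of the 5 suffice
```

Recovering from only two shares yields a value unrelated to the master secret, which is why the keystore stays locked until the third key arrives.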