Enabling a remote key server

Last Updated : Jun 05, 2026 |

About this task

Use this procedure to use a remote key sever to store encryption keys.

When adding a remote key server for the first time, you can choose either to continue using the local key store or to disable it. When both the local key store and the remote key server are enabled at the same time, Avaya Aura® Device Services uses the local key store to decrypt the encrypted disks at boot time.

If you already have a remote key server enabled, you can use this procedure to add another remote key server.

Before you begin

Configure your remote key server. The exact configuration procedure depends on the key server you are using.

Procedure

  1. Log in to the Avaya Aura® Device Services CLI as an administrator.
  2. Run the following command:

    sys encryptionRemoteKey add <server address> <port>

    In this command:

    • <server address> is the IP address or FQDN of the remote key server.

    • <port> is a port that the remote key server uses to connect to Avaya Aura® Device Services. This is an optional value. If you do not enter a port number, the remote key server uses port 80 by default.

  3. When prompted, enter the existing passphrase.
  4. When prompted to remove the local key store, do one of the following:

    • To disable the local key store, enter y.

    • To continue using the local key store, enter n.