You can choose to enable passphrase-based startup authentication to provide further protection for the master key for all nodes in the same cluster. With passphrase-based startup authentication, the Cryptographic Security Platform Compliance Manager node will enter Recovery Mode every time it is rebooted. You will need to enter the passphrase in the Cryptographic Security Platform Compliance Manager webGUI.

Startup Authentication allows Cryptographic Security Platform Compliance Manager to be used in tactical kits in hostile environments. Onsite staff can simply power off the Cryptographic Security Platform Compliance Manager nodes, which make them unusable until a passphrase or admin key is provided.

Note: If Startup Authentication is enabled, you cannot add a new Cryptographic Security Platform Compliance Manager node. You must disable Startup Authentication first, add the new node, and then re-enable Startup Authentication.

• Enabling Startup Authentication
• Disabling Startup Authentication