minkms restart

Version added
The minkms restart command is available in RELEASE.2025-11-12T19-14-51Z or later.

Restart one or more Key Manager servers in the cluster.

By default, the command restarts all servers in the cluster through RPC (Remote Procedure Call) coordination. The leader node coordinates the restart. Alternatively, you can specify one or more HOST[:PORT] arguments to restart only specific servers.

The restart functionality is only supported on Unix-based systems. It is not available on Windows platforms.

The following settings determine which remote Key Manager server the command runs against in order of priority:

  1. The MINIO_KMS_SERVER environment variable.
  2. The default value of https://localhost:7373.

SYNTAX 

minkms restart          \
  [HOST[:PORT]...]      \
  [-a | --api-key KEY]  \
  [-k | --insecure]

PARAMETERS

HOST[:PORT]

Optional

One or more server addresses to restart. If not specified, the command performs a cluster-wide restart of all servers using RPC.

Specify each server with the host address and the optional port if different from the default (7373), using a space (" ") delimiter between each additional host.

--api-key

Optional

Alias : -a

The API key of an identity the command uses to authenticate to the Key Manager cluster. Defaults to the value of MINIO_KMS_API_KEY.

--insecure

Optional

Alias : -k

Skip server certificate verification.

Cluster-wide restart behavior

If you do not provide any HOST[:PORT] arguments, the restart command performs a coordinated cluster-wide restart:

  1. The command connects to a Key Manager server (typically the leader).
  2. The leader node sends restart requests to all peer nodes concurrently using RPC.
  3. The leader waits for all peer nodes to complete their restart (or timeout).
  4. The leader node restarts itself last.
  5. The entire restart operation has a 15-second timeout for coordination.

The cluster-wide restart uses the /v1/rpc/restart endpoint for inter-node communication. Individual server restarts use the /v1/debug/restart?self endpoint.

During a cluster-wide restart, you may see network errors such as “connection reset by peer” or “EOF” after the restart is initiated. These errors are expected as the servers terminate their connections during the restart process.

Configuration reload

Restarting a Key Manager server causes it to reload its configuration from the environment and configuration files. This makes the restart command useful for applying configuration changes without requiring a full redeployment.

Examples

Restart entire cluster

The following example restarts all servers in the cluster using coordinated RPC. This uses the default port (7373) and the API key from the MINIO_KMS_API_KEY environment variable.

minkms restart

Restart specific servers with non-default port

This example restarts only the two specified servers on port 8443 without affecting other cluster members.

minkms restart kms1.example.com:8443 kms2.example.com:8443

Restart with specific API key

This example restarts all of the nodes on a cluster, but uses a specific API Key to do so. Pass the -a flag to authenticate with a different API key instead of using the one stored in the MINIO_KMS_API_KEY environment variable.

minkms restart -a kes:v1:AKMVyFERw5Dqu3fv8Nw7Hm8gLEbdtVr5DPUj9GjMxKz3

Permissions

Restarting Key Manager servers requires SysAdmin privileges.