Related Topics
■ "Changing a Share Encryption Key (BUI)" on page 572
■ "Deleting an Encryption Key (CLI)" on page 578
■ "Managing Encryption Keys" on page 582
■ "Encryption Key Life Cycle" on page 585
Deleting an Encryption Key (CLI)
Deleting an encryption key is a fast and effective way to make large amounts of data
inaccessible. Keys can be deleted even if they are in use. If the key is in use, a warning is given
and confirmation is required. All shares or projects using that key are unshared and can no
longer be accessed by clients.
If you might use a LOCAL key again to access its associated shares, back up the keyname and
value before deleting the key. Then you can later perform a restore procedure as described in
"Restoring a LOCAL Key (CLI)" on page 580.
Use the following procedure to delete a LOCAL or OKM encryption key.
1. To delete a key, use the following CLI command:
hostname:shares encryption local local_keys> destroy keyname=AKTEST_K1
This key has the following dependent shares:
Pool2/local/BG1
Pool2/local/BG1/BG3
Pool2/local/BG1/fast1
Pool2/local/default/BG2
Destroying this key will render the data inaccessible. Are you sure? (Y/N)
2. To verify that a share is no longer accessible using that key, navigate to the
share and use the following CLI commands:
hostname:> shares select test_project select test_share1
hostname:shares test_project/test_share1> get encryption keystore keyname keystatus
Errors:
encryption = aes-128-ccm (inherited)
keystore = LOCAL (inherited)
keyname = AKTEST_K1 (inherited)
keystatus = unavailable
578
Oracle ZFS Storage Appliance Administration Guide, Release OS8.6.x • September 2016
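The check in step 2, applied to every dependent share that the destroy prompt in step 1 lists, as an added example that is not part of the Oracle guide. This Python code parses saved CLI transcripts and reports any dependent share not yet confirmed as keystatus = unavailable. The function names, the idea of saving one get transcript per share, and the sample data (including the keystatus value available) are assumptions constructed for illustration.

```python
import re

# Matches "name = value" with an optional "(inherited)" suffix, as in the get output.
PROP_RE = re.compile(r"^\s*(\w+)\s*=\s*(.+?)(?:\s+\(inherited\))?\s*$")

def parse_dependents(destroy_output):
    """Share paths listed between the dependent-shares banner and the Y/N prompt."""
    shares, collecting = [], False
    for line in (l.strip() for l in destroy_output.splitlines()):
        if line.startswith("This key has the following dependent shares"):
            collecting = True
        elif line.startswith("Destroying this key"):
            break
        elif collecting and line:
            shares.append(line)
    return shares

def parse_properties(get_output):
    """Property name -> value from 'get encryption keystore keyname keystatus' output."""
    return {m.group(1): m.group(2)
            for m in map(PROP_RE.match, get_output.splitlines()) if m}

def unverified_shares(keyname, dependents, get_outputs):
    """Dependent shares not yet confirmed inaccessible, each with the reason."""
    findings = []
    for share in dependents:
        if share not in get_outputs:
            findings.append((share, "no get output captured"))
            continue
        props = parse_properties(get_outputs[share])
        if props.get("keyname") != keyname:
            findings.append((share, "keyname is %s" % props.get("keyname")))
        elif props.get("keystatus") != "unavailable":
            findings.append((share, "keystatus is %s" % props.get("keystatus")))
    return findings

# Constructed sample transcripts, modelled on the output shown in the procedure.
DESTROY_OUT = """This key has the following dependent shares:
Pool2/local/BG1
Pool2/local/BG1/BG3
Pool2/local/default/BG2
Destroying this key will render the data inaccessible. Are you sure? (Y/N)"""
GONE = ("encryption = aes-128-ccm (inherited)\nkeystore = LOCAL (inherited)\n"
        "keyname = AKTEST_K1 (inherited)\nkeystatus = unavailable\nErrors:")
LIVE = GONE.replace("unavailable", "available")  # constructed counter-case
GET_OUTS = {"Pool2/local/BG1": GONE, "Pool2/local/BG1/BG3": LIVE}

if __name__ == "__main__":
    deps = parse_dependents(DESTROY_OUT)
    for share, reason in unverified_shares("AKTEST_K1", deps, GET_OUTS):
        print(share, "->", reason)
```

An empty result means every share the prompt listed was checked and reported keystatus = unavailable for the destroyed key.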