Deleting an encryption key is a fast and effective way to make large amounts of data inaccessible. Keys can be deleted even if they are in use. If the key is in use, a warning is given and confirmation is required. All shares or projects using that key are unshared and can no longer be accessed by clients.
If you might use a LOCAL key again to access its associated shares, back up the keyname and value before deleting the key. Then you can later perform a restore procedure as described in Restoring a LOCAL Key (CLI).
Use the following procedure to delete a LOCAL or OKM encryption key.
hostname:shares encryption local local_keys> destroy keyname=AKTEST_K1
This key has the following dependent shares:
  Pool2/local/BG1
  Pool2/local/BG1/BG3
  Pool2/local/BG1/fast1
  Pool2/local/default/BG2
Destroying this key will render the data inaccessible. Are you sure? (Y/N)

hostname:> shares select test_project select test_share1
hostname:shares test_project/test_share1> get encryption keystore keyname keystatus
                    encryption = aes-128-ccm (inherited)
                      keystore = LOCAL (inherited)
                       keyname = AKTEST_K1 (inherited)
                     keystatus = unavailable
Errors:
        key_unavailable

hostname:shares (pool-010) encryption local keys> select keyname=1
hostname:shares (pool-010) encryption local key-002> list
Properties:
                        cipher = AES
                       keyname = 1
hostname:shares (pool-010) encryption local key-002> list dependents
DEPENDENTS
pool-010/local/default/a
hostname:shares (pool-010) encryption local key-002>
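
The following Python script is an added example, not part of the appliance documentation. It parses saved CLI output in the formats shown above to record which shares depended on a destroyed key and to flag any dependent that has not yet been confirmed as keystatus = unavailable. The transcripts are constructed from the output on this page, the function names are hypothetical, and pairing a get transcript with a dependent share name is an assumption of the example.

```python
import re

# Constructed transcripts, modeled on the CLI output shown on this page.
DESTROY_OUTPUT = """\
hostname:shares encryption local local_keys> destroy keyname=AKTEST_K1
This key has the following dependent shares:
  Pool2/local/BG1
  Pool2/local/BG1/BG3
  Pool2/local/BG1/fast1
  Pool2/local/default/BG2
Destroying this key will render the data inaccessible. Are you sure? (Y/N)
"""
GET_OUTPUT = """\
hostname:shares test_project/test_share1> get encryption keystore keyname keystatus
                    encryption = aes-128-ccm (inherited)
                      keystore = LOCAL (inherited)
                       keyname = AKTEST_K1 (inherited)
                     keystatus = unavailable
Errors:
        key_unavailable
"""

def parse_destroy_warning(text):
    """Return (keyname, dependent shares) from a destroy confirmation prompt."""
    key = re.search(r"destroy keyname=(\S+)", text)
    if not key:
        raise ValueError("no destroy command in transcript")
    block = re.search(r"dependent shares:\n(.*?)\nDestroying this key", text, re.S)
    lines = block.group(1).splitlines() if block else []  # no warning: key unused
    return key.group(1), [s.strip() for s in lines if s.strip()]

def parse_properties(text):
    """Return {property: value} from 'get' output, dropping '(inherited)'."""
    pairs = re.findall(r"^\s*(\w+) = (.+?)(?: \(inherited\))?\s*$", text, re.M)
    return dict(pairs)

def unverified_shares(keyname, dependents, get_outputs):
    """Dependents not yet shown to use keyname with keystatus unavailable."""
    pending = []
    for share in dependents:
        # A share with no saved 'get' transcript counts as unverified.
        props = parse_properties(get_outputs.get(share, ""))
        if props.get("keyname") != keyname or props.get("keystatus") != "unavailable":
            pending.append(share)
    return pending
```

Save the dependent list from the destroy prompt before answering Y; it is the record of what the key deletion made inaccessible.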