Deleting an encryption key is a fast and effective way to make large amounts of data inaccessible. Keys can be deleted even if they are in use. If the key is in use, a warning is given and confirmation is required. All shares or projects using that key are unshared and can no longer be accessed by clients.
If you might use a LOCAL key again to access its associated shares, back up the keyname and value before deleting the key. Then you can later perform a restore procedure as described in Restoring a LOCAL Key (CLI).
Use the following procedure to delete a LOCAL or OKM encryption key.
hostname:shares encryption local local_keys> destroy keyname=AKTEST_K1
This key has the following dependent shares:
Pool2/local/BG1
Pool2/local/BG1/BG3
Pool2/local/BG1/fast1
Pool2/local/default/BG2
Destroying this key will render the data inaccessible. Are you sure? (Y/N)
hostname:> shares select test_project select test_share1
hostname:shares test_project/test_share1> get encryption keystore keyname keystatus
encryption = aes-128-ccm (inherited)
keystore = LOCAL (inherited)
keyname = AKTEST_K1 (inherited)
keystatus = unavailable
Errors:
key_unavailable
hostname:shares (pool-010) encryption local keys> select keyname=1
hostname:shares (pool-010) encryption local key-002> list
Properties:
cipher = AES
keyname = 1
hostname:shares (pool-010) encryption local key-002> list dependents
DEPENDENTS
pool-010/local/default/a
hostname:shares (pool-010) encryption local key-002>
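Added example (not part of the original documentation): a Python sketch that parses captured CLI output in the formats shown above, so the dependent shares can be recorded before a key is destroyed and each share can be checked afterward for an unavailable key. The function names are hypothetical, the sample transcripts are constructed from the output on this page (dependent list shortened to two shares), and capturing the output from the appliance is assumed to happen elsewhere.

```python
import re
# Constructed sample: warning shown by "destroy keyname=..." (format from this page).
DESTROY_WARNING = """\
This key has the following dependent shares:
Pool2/local/BG1
Pool2/local/BG1/BG3
Destroying this key will render the data inaccessible. Are you sure? (Y/N)
"""
# Constructed sample: share properties read back after the key was destroyed.
SHARE_PROPS = """\
encryption = aes-128-ccm (inherited)
keystore = LOCAL (inherited)
keyname = AKTEST_K1 (inherited)
keystatus = unavailable
Errors:
key_unavailable
"""
PROP_RE = re.compile(r"^\s*(\w+)\s*=\s*(.*?)(\s+\(inherited\))?\s*$")

def dependent_shares(warning_text):
    """Share paths listed between the warning header and the Y/N prompt."""
    shares, in_list = [], False
    for line in map(str.strip, warning_text.splitlines()):
        if line.startswith("This key has the following dependent shares"):
            in_list = True
        elif line.startswith("Destroying this key"):
            break
        elif in_list and line:
            shares.append(line)
    return shares

def parse_share_props(text):
    """Parse 'name = value (inherited)' lines and the trailing Errors: list."""
    props, errors, in_errors = {}, [], False
    for line in map(str.strip, text.splitlines()):
        if line == "Errors:":
            in_errors = True
        elif in_errors and line:
            errors.append(line)
        elif (m := PROP_RE.match(line)):
            # Store (value, inherited?) so inherited settings stay visible.
            props[m.group(1)] = (m.group(2), bool(m.group(3)))
    return props, errors

def key_is_gone(text, keyname):
    """True only if the share names `keyname` and reports it unavailable."""
    props, errors = parse_share_props(text)
    return (props.get("keyname", ("",))[0] == keyname
            and props.get("keystatus", ("",))[0] == "unavailable"
            and "key_unavailable" in errors)
```

Saving the list from `dependent_shares` before confirming the deletion gives a record of which shares to check with `key_is_gone` afterward.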