1. Installation and Administration Guide
  2. Advanced Security Transparent Data Encryption (TDE)
  3. Key Destruction When Using TDE

Key Destruction When Using TDE

Verify the key is not being used before destroying keys that have reached the post-operational phase.

OKM administrators are responsible for the regular destruction of keys in the post-operational phase. Deletion of keys through the pkcs11_kms provider is not supported with OKM and is a restricted operation reserved for OKM users that have been assigned the role of Operator. Once a key has been destroyed, any attempt to retrieve it will fail, including PKCS#11 C_FindObjects requests.