Deleting an Encryption Key (BUI)

Deleting an encryption key is a fast and effective way to make large amounts of data inaccessible. Keys can be deleted even if they are in use. If the key is in use, a warning is given and confirmation is required. All shares, projects, or pools that use that key are unshared and can no longer be accessed by clients.

If you might use a LOCAL key again to access its associated shares, back up the key name and value before deleting the key as described in Backing Up a LOCAL Key (BUI). Then you can later perform a restore procedure as described in Restoring a LOCAL Key (BUI).

When an encryption key that is in use by a pool, project, or share is deleted, all affected pools, projects, and shares are listed as dependents for the key in the Key Destroy dialog box. When the key is deleted, the Key Status value changes to unavailable, and a warning indicator is displayed to the right of the lock icon for the affected pool or share.

Use the following procedure to delete an encryption key.

From the Shares menu, select Encryption.
Select the appropriate keystore tab.
Move your cursor over the key that you want to delete, and click the delete icon .

An alert is displayed that warns you that all shares that are using this key will be unmounted and unshared. If you delete this key, all data in the shares that are encrypted using this key will be permanently and irrecoverably inaccessible. Then the alert lists the pools and shares that depend on this key.
To delete the key, click OK. To keep the key, click CANCEL.

When a key is deleted, all of the data in all of the pools and shares that use the key becomes inaccessible. This is equivalent to secure data destruction and is permanent and irrevocable unless you have prepared for key restoration by backing up the key. For more information about key backup and restoration, see Backing Up a LOCAL Key (BUI) and Restoring a LOCAL Key (BUI).