About creating and deleting encryption keys

Encryption License Key User Guide for VSP One Block

Creating encryption keys

Encryption keys are created automatically when the encryption environment is enabled. The encryption keys are assigned to drives when a DDP group with encryption enabled is created.

New encryption keys must be created manually in the following cases:

  • When you need to change an encryption key.
  • After deleting encryption keys.
  • When you run out of unassigned encryption keys due to drive replacement.

When creating encryption keys, always create the maximum number of keys that can be created: (4096 - <current number of keys>). To get the current number of keys, use the following command:

GET <Base URL>/v1/objects/encryption-key-counts/instance

The following REST API command is used to create encryption keys:

POST <Base URL>/v1/objects/encryption-keys

Deleting encryption keys

You can delete unused (Free) encryption keys in the storage system. Encryption keys need to be deleted in the following cases:

  • When you change the encryption key generation location from the storage system to a KMS by changing the encryption environment settings.
  • When you migrate a KMS to another server and plan to use new encryption keys instead of the existing encryption keys.

After you delete encryption keys, always create the maximum number of encryption keys that can be created (4096 - <current number of keys>). To get the current number of keys, use the following command:

GET <Base URL>/v1/objects/encryption-key-counts/instance

The following REST API command is used to delete encryption keys:

DELETE <Base URL>/v1/objects/encryption-keys/<object-ID>

Note: Encryption keys that are allocated to implemented drives cannot be deleted. If you want to delete the encryption key allocated to an implemented drive and allocate a new encryption key, you must first disable encryption for the DDP group to which the drive belongs.
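
The refill step that both sections above call for (read the current key count, then create 4096 minus that count), as an added example that is not from this guide or the vendor. The JSON field names `count` and `number`, the `send` transport callback and the `FakeArray` stand-in are assumptions, because the page does not show request or response bodies; the example also assumes key creation has finished when the POST returns.

```python
# Added example, not vendor code. The JSON field names "count" and "number"
# are ASSUMPTIONS: the guide does not show request or response bodies.
from typing import Callable, Optional

MAX_KEYS = 4096  # upper bound stated in the guide
COUNT_PATH = "/v1/objects/encryption-key-counts/instance"
KEYS_PATH = "/v1/objects/encryption-keys"

# send(method, path, body) -> decoded JSON dict; the caller supplies the transport
Send = Callable[[str, str, Optional[dict]], dict]


def keys_to_create(current: int) -> int:
    """Return 4096 - <current number of keys>, rejecting impossible counts."""
    if isinstance(current, bool) or not isinstance(current, int):
        raise ValueError(f"key count is not an integer: {current!r}")
    if not 0 <= current <= MAX_KEYS:
        raise ValueError(f"key count out of range 0..{MAX_KEYS}: {current}")
    return MAX_KEYS - current


def refill_key_pool(send: Send) -> int:
    """Top the key pool up to the maximum; return how many keys were requested."""
    current = send("GET", COUNT_PATH, None)["count"]   # assumed field name
    missing = keys_to_create(current)
    if missing == 0:
        return 0  # pool already full, so no POST is sent
    send("POST", KEYS_PATH, {"number": missing})        # assumed field name
    # Assumption: creation is complete once the POST has returned.
    after = send("GET", COUNT_PATH, None)["count"]
    if after != MAX_KEYS:
        raise RuntimeError(f"pool holds {after} keys after refill, expected {MAX_KEYS}")
    return missing


class FakeArray:
    """Constructed stand-in for the storage system so the example runs offline."""
    def __init__(self, count: int):
        self.count, self.calls = count, []

    def send(self, method: str, path: str, body: Optional[dict]) -> dict:
        self.calls.append((method, path))
        if method == "POST" and path == KEYS_PATH:
            self.count += body["number"]
        return {"count": self.count}


if __name__ == "__main__":
    print(refill_key_pool(FakeArray(count=4000).send))  # constructed start state
```
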