dsetool managekmip destroy
Completely removes the key from the KMIP server. The database can no longer use the key for encryption or decryption. Existing data that has not been re-encrypted becomes inaccessible.
Use this command only after revoking a key and re-encrypting existing data.
Synopsis
dsetool managekmip destroy <kmip_group_name> <kmip_key_id>
Syntax conventions | Description |
---|---|
UPPERCASE | Literal keyword. |
Lowercase | Not literal. |
Italics | Variable value. Replace with a valid option or user-defined value. |
Square brackets | Optional. |
Parentheses | Group. |
Vertical bar | Or. |
Ellipsis | Repeatable. |
Single quotation | |
Braces | Map collection. |
Angle brackets | Set, list, map, or tuple. |
Semicolon | End CQL statement. |
Two hyphens | Separate the command line options from the command arguments. |
Single quotation marks | Search CQL only. |
| Search CQL only: Identify the entity and literal value to overwrite the XML element in the schema and solrconfig files. |
- kmip_group_name
  The user-defined name of the KMIP group that is configured in the kmip_hosts section of dse.yaml.
- kmip_key_id
  The key id on the KMIP provider.
Examples
To revoke a key to prevent decryption:
dsetool managekmip revoke kmipgrouptwo 02-540
After you revoke a key, you can destroy it:
dsetool managekmip destroy kmipgrouptwo 02-540
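
Because destroying a key makes any data that was not re-encrypted inaccessible, the destroy call can be wrapped in a guard that refuses to run until the operator confirms both prerequisites. This is an added example, not part of the DSE tooling: the function name, the `--revoked`, `--reencrypted` and `--execute` flags, and the `DSETOOL` variable are assumptions of the example.

```shell
#!/bin/sh
# Added example: guard around "dsetool managekmip destroy".
# The wrapper flags and the DSETOOL override are hypothetical, not dsetool options.
DSETOOL="${DSETOOL:-dsetool}"

# Usage: kmip_destroy_guarded <kmip_group_name> <kmip_key_id> --revoked --reencrypted [--execute]
# Return codes: 0 ok, 2 bad arguments, 3 prerequisite not acknowledged.
kmip_destroy_guarded() {
    if [ "$#" -lt 2 ]; then
        echo "usage: kmip_destroy_guarded <kmip_group_name> <kmip_key_id> --revoked --reencrypted [--execute]" >&2
        return 2
    fi
    group="$1"; key_id="$2"; shift 2

    # Reject empty values and values that dsetool could parse as an option.
    for v in "$group" "$key_id"; do
        case "$v" in
            ''|-*) echo "invalid group name or key id: '$v'" >&2; return 2 ;;
        esac
    done

    revoked=no; reencrypted=no; execute=no
    for arg in "$@"; do
        case "$arg" in
            --revoked)     revoked=yes ;;
            --reencrypted) reencrypted=yes ;;
            --execute)     execute=yes ;;
            *) echo "unknown option: $arg" >&2; return 2 ;;
        esac
    done

    # Destroy is irreversible: both prerequisites must be acknowledged.
    if [ "$revoked" != yes ] || [ "$reencrypted" != yes ]; then
        echo "refusing to destroy $key_id: confirm --revoked and --reencrypted first" >&2
        return 3
    fi

    # Default is a dry run that only prints the command for review.
    if [ "$execute" != yes ]; then
        echo "$DSETOOL managekmip destroy $group $key_id"
        return 0
    fi
    "$DSETOOL" managekmip destroy "$group" "$key_id"
}
```

Without `--execute` the function only prints the command it would run, so the group name and key id can be checked before the key is removed.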