dsetool managekmip destroy
Completely removes the key from the KMIP server.
Completely removes the key from the KMIP server. Database can no longer use the key for
encryption or decryption. Existing data that has not been re-encrypted becomes
inaccessible.
Important: Use this command only after revoking a key and
re-encrypting existing data.
Synopsis
dsetool managekmip destroy kmip_group_name kmip_key_id
| Syntax conventions | Description |
|---|---|
| UPPERCASE | Literal keyword. |
| Lowercase | Not literal. |
Italics |
Variable value. Replace with a valid option or user-defined value. |
[ ] |
Optional. Square brackets ( [ ] ) surround optional command
arguments. Do not type the square brackets. |
( ) |
Group. Parentheses ( ( ) ) identify a group to choose from. Do
not type the parentheses. |
| |
Or. A vertical bar ( | ) separates alternative elements. Type
any one of the elements. Do not type the vertical bar. |
... |
Repeatable. An ellipsis ( ... ) indicates that you can repeat
the syntax element as often as required. |
'Literal string' |
Single quotation ( ' ) marks must surround literal strings in
CQL statements. Use single quotation marks to preserve upper case. |
{ key:value } |
Map collection. Braces ( { } ) enclose map collections or key
value pairs. A colon separates the key and the value. |
<datatype1,datatype2> |
Set, list, map, or tuple. Angle brackets ( < > ) enclose
data types in a set, list, map, or tuple. Separate the data types with a comma.
|
cql_statement; |
End CQL statement. A semicolon ( ; ) terminates all CQL
statements. |
[ -- ] |
Separate the command line options from the command arguments with two hyphens (
-- ). This syntax is useful when arguments might be mistaken for
command line options. |
' <schema> ... </schema>
' |
Search CQL only: Single quotation marks ( ' ) surround an entire
XML schema declaration. |
@xml_entity='xml_entity_type' |
Search CQL only: Identify the entity and literal value to overwrite the XML element in the schema and solrconfig files. |
- kmip_groupname
- The user-defined name of the KMIP group that is configured in the kmip_hosts section of dse.yaml.
- kmip_key_id
- The key id on the KMIP provider.
Examples
To revoke a key to prevent decryption:
dsetool managekmip revoke kmipgrouptwo 02-540
After you revoke a key, you can destroy it:
dsetool managekmip destroy kmipgrouptwo 02-540