You can delete a selected key or key group. You cannot delete a key or a key group that
is associated with a device, or a key group that is marked as the default key group.
About this task
Delete keys only when the data protected by those keys is no longer
needed. Deleting keys is like erasing the data. After keys are deleted, data that is protected by
those keys is not retrievable.
You can use the
Delete menu item or the following REST services to delete
a key, or to delete the key group:
- Delete Key REST Service
- Group Delete REST Service
Your role must have permissions to the delete action and to
the appropriate device group.
Before
you delete, carry out the following verifications:
- Key
Ensure
that a backup exists of the keystore with the key
that you intend to delete.
- Key group
If you use the REST interface, obtain the uuid of the key group that you
intend to delete. Verify that the key group is not currently associated with a device, and is not
marked as a default key group.
Procedure
-
Go to the appropriate page or directory:
- Graphical user interface:
- Log on to the graphical user interface.
- In the Key and Device Management section on Welcome page, select
LTO.
- Click .
- Alternatively, right-click LTO and select Manage keys and
devices.
- On the management for
LTO
, select a key or key group in the appropriate
column.
- Click Delete.
- Alternatively, right-click a key or key group and then select
Delete.
- REST interface:
-
Delete the key or key group:
- Graphical user interface:
On the Confirm dialog,
read
the confirmation message before you delete the key or key group. Verify
that the correct key or key group was selected. For example, you might
delete an empty key group. Deleting a populated key group also
deletes all the keys in the key group. Deleting a key that belongs
to a key group also removes the key from the group. Then, click OK.
- REST interface:
- Key
Use the
Delete Key REST Service to delete a key. Use the
List
Key REST Service to find the key that you want to delete. For example, you can send the
following HTTP request:
GET https://localhost:port/SKLM/rest/v1/keys
Content-Type: application/json
Accept : application/json
Authorization: SKLMAuth userAuthId=139aeh34567m
Send the following HTTP request to delete
the
key:
DELETE https://localhost:port/SKLM/rest/v1/keys/aaa000000000000000000
Content-Type: application/json
Accept : application/json
Authorization: SKLMAuth userAuthId=139aeh34567m
- Key Group
Use the
Group Delete REST Service to delete a key group. For
example, you can send the following HTTP
request:
https://localhost:port/SKLM/rest/v1/keygroups/GROUP-7d588437-e725-
48bf-a836-00a47df64e78
Content-Type: application/json
Accept: application/json
Authorization: SKLMAuth userAuthId=139aeh34567m
What to do next
Refresh the
table to ensure that the key or key group
is deleted. Back up the keystore to accurately reflect the change
in keys. Back up the database to reflect the change in key groups.