Deleting a key or key group

You can delete a selected key or key group. You cannot delete a key or a key group that is associated with a device, or a key group that is marked as the default key group.

About this task

Delete keys only when the data protected by those keys is no longer needed. Deleting keys is like erasing the data. After keys are deleted, data that is protected by those keys is not retrievable.

You can use the Delete menu item or the following REST services to delete a key, or to delete the key group:
  • Delete Key REST Service
  • Group Delete REST Service
Your role must have permissions to the delete action and to the appropriate device group.
Before you delete, carry out the following verifications:
  • Key

    Ensure that a backup exists of the keystore with the key that you intend to delete.

  • Key group

    If you use the REST interface, obtain the uuid of the key group that you intend to delete. Verify that the key group is not currently associated with a device, and is not marked as a default key group.

Procedure

  1. Go to the appropriate page or directory:
    • Graphical user interface:
      1. Log on to the graphical user interface.
      2. In the Key and Device Management section on Welcome page, select LTO.
      3. Click Go to > Manage keys and devices.
      4. Alternatively, right-click LTO and select Manage keys and devices.
      5. On the management for LTO, select a key or key group in the appropriate column.
      6. Click Delete.
      7. Alternatively, right-click a key or key group and then select Delete.
    • REST interface:
      • Open a REST client.
  2. Delete the key or key group:
    • Graphical user interface:

      On the Confirm dialog, read the confirmation message before you delete the key or key group. Verify that the correct key or key group was selected. For example, you might delete an empty key group. Deleting a populated key group also deletes all the keys in the key group. Deleting a key that belongs to a key group also removes the key from the group. Then, click OK.

    • REST interface:
      • Key
        Use the Delete Key REST Service to delete a key. Use the List Key REST Service to find the key that you want to delete. For example, you can send the following HTTP request:
        GET https://localhost:port/SKLM/rest/v1/keys
        Content-Type: application/json 
        Accept : application/json
        Authorization: SKLMAuth userAuthId=139aeh34567m
        Send the following HTTP request to delete the key:
        DELETE https://localhost:port/SKLM/rest/v1/keys/aaa000000000000000000
        Content-Type: application/json
        Accept : application/json
        Authorization: SKLMAuth userAuthId=139aeh34567m
      • Key Group
        Use the Group Delete REST Service to delete a key group. For example, you can send the following HTTP request:
        https://localhost:port/SKLM/rest/v1/keygroups/GROUP-7d588437-e725-
        48bf-a836-00a47df64e78
        Content-Type: application/json
        Accept: application/json
        Authorization: SKLMAuth userAuthId=139aeh34567m

What to do next

Refresh the table to ensure that the key or key group is deleted. Back up the keystore to accurately reflect the change in keys. Back up the database to reflect the change in key groups.