Deleting a client or a cryptographic object

You can delete a client and its cryptographic objects from the IBM® Security Guardium® Key Lifecycle Manager database when they are no longer needed.

Before you begin

  • Ensure that your role has the required permissions to delete a client and cryptographic object.
  • Ensure that a current backup of the IBM Security Guardium Key Lifecycle Manager database exists.
  • If you want to delete a client, ensure that it does not have any associated cryptographic objects.

About this task

You can delete a client from the graphical user interface or by using REST APIs. Cryptographic objects that are associated with a client that uses KMIP for communication can be deleted via the applicable KMIP operation. Cryptographic objects that are associated with a client that uses REST APIs for communication can be deleted by using IBM Security Guardium Key Lifecycle Manager REST APIs.

Procedure

  1. To delete a cryptographic object, use the option that matches how the associated client communicates with the IBM Security Guardium Key Lifecycle Manager server:
    • Client that uses REST APIs: Delete Object REST Service.
    • Client that uses KMIP: Appropriate KMIP operation. See http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=kmip.
  2. To delete a client from the graphical user interface, complete the following steps:
    1. Log in to the graphical user interface.
    2. Click Clients.
      The Client page is displayed.
    3. Ensure that there are no cryptographic objects associated with the client that you want to delete. If any are associated, delete them first.
    4. Select the client that you want to delete, and click Delete.
      A confirmation dialog is displayed.
    5. Click OK. The client is removed from the IBM Security Guardium Key Lifecycle Manager database.
    Alternatively, you can use the Delete Client REST Service.