Renaming AES secure keys

Use the zkey rename command to rename a secure key in the secure key repository.

Specify the name of the key that is to be renamed using the --name option and the new name using the --new-name option. You cannot use wildcards.

Note: When renaming a secure key that is associated with one or multiple volumes, and the key's volume type is PLAIN, a message informs you about the associated volumes. When the secure key is renamed, these volumes can no longer be used, unless you change the name of the secure key in the cryptsetup plainOpen commands and in the /etc/crypttab entries.

For keys with volume type LUKS2 no such message is issued, because the secure key is contained in the LUKS2 header.

Examples:

volume type LUKS2

# zkey rename --name secure_xtskey1 --new-name secure_xtskey2

volume type PLAIN

# zkey rename --name secure_xtskey1 --new-name secure_xtskey2
The following volumes are associated with the renamed key 'secure_xtskey2'. You
should adjust the corresponding crypttab entries and 'cryptsetup plainOpen'
commands to use the new name.
  /dev/mapper/disk1:enc-disk1