Refreshing keys on KMIP
Use the zkey kms refresh command to refresh secure keys that are bound to KMIP.
About this task
Refreshing a key updates the secure key by reimporting it from the KMIP server.
The zkey kms refresh command can be useful if the secure keys were not been reenciphered properly after a CCA or EP11 master key change, and thus became invalid. The zkey kms refresh command reimports the secure key under the current CCA or EP11 master key. Hence, you can use this command as an alternative to the zkey reencipher command for keys that are bound to a KMIP plug-in.
You can filter the list of keys to be refreshed by:
- Key name, option -N or --name
- Key type, option -K or --key-type
- Associated volumes, option -l or --volumes
- Volume type, option -l or --volume-type