Changing AES secure keys
Use the zkey change command to change the description, the associated volumes, the associated cryptographic coprocessors (APQNs), the sector size, and the volume type of a secure key contained in the secure key repository.
Specify the name of the key that is to be changed using the --name option. You
cannot use wildcards.
You can set, replace, add, or remove volume and cryptographic coprocessor (APQN) associations. To set or replace an
association, specify the association with the --volumes or the
--apqns options. To add an association, specify the new association prefixed with a
+ sign with the --volumes or the --apqns option. To remove an
association, specify the association to remove prefixed with a − sign with the
--volumes or the --apqns option. You cannot mix + and − in one
specification. You can either add or remove or set the associations with one command.
Example:
# zkey change --name secure_xtskey1 --volumes +/dev/mapper/disk2:enc-disk2 # zkey change --name secure_xtskey1 --apqns -04.0039 # zkey change --name secure_xtskey1 --volume-type plain # zkey change --name secure_xtskey1 --sector-size 4096