Removing AES secure keys
Use the zkey remove command to remove an existing secure key from the secure key repository.
Specify the name of the key that is to be removed using the
--name option. You
cannot use wildcards. The remove command prompts for a confirmation, unless you
specify the --force option. Note: When removing a secure key that is associated
with one or multiple volumes, and the key's volume type is PLAIN, a message informs you about the
associated volumes. When the secure key is removed, these volumes can no longer be used, unless you
have a backup of the secure key.
For keys with volume type LUKS2 no such message is issued, because the secure key is contained in the LUKS2 header.
Examples:
volume type LUKS2
#zkey remove --name secure_xtskey1 zkey: Remove key 'secure_xtskey1'? y
volume type PLAIN
#zkey remove --name secure_xtskey1 When you remove key 'secure_xtskey1' the following volumes will no longer be usable: /dev/mapper/disk1:enc-disk1 zkey: Remove key 'secure_xtskey1'? y