Removing AES secure keys

Use the zkey remove command to remove an existing secure key from the secure key repository.

Specify the name of the key that is to be removed using the --name option. You cannot use wildcards. The remove command prompts for a confirmation, unless you specify the --force option.
Note: When removing a secure key that is associated with one or multiple volumes, and the key's volume type is PLAIN, a message informs you about the associated volumes. When the secure key is removed, these volumes can no longer be used, unless you have a backup of the secure key.

For keys with volume type LUKS2 no such message is issued, because the secure key is contained in the LUKS2 header.

Examples:

volume type LUKS2

#zkey remove --name  secure_xtskey1
zkey: Remove key 'secure_xtskey1'? y

volume type PLAIN

#zkey remove --name  secure_xtskey1
When you remove key 'secure_xtskey1' the following volumes will no longer be
usable:
  /dev/mapper/disk1:enc-disk1
zkey: Remove key 'secure_xtskey1'? y