Brocade Fabric OS Encryption Administrator’s Guide Supporting Key Management Interoperability Protocol (KMIP) Key-Compliant Environments (Supporting Fabric OS v7.1.0) User Manual

196

Fabric OS Encryption Administrator’s Guide (KMIP)

53-1002747-02

Decommissioning LUNs

3

3. Enter cryptocfg

--

show

-

decommissionedkeyids to obtain a list of all currently

decommissioned key IDs to be deleted after decommissioning key IDs manually from the key
vault.

FabricAdmin:switch> cryptocfg -show -decommissionedkeyids

4. Enter the cryptocfg

--

show

-

vendorspecific_keyid command to list the

vendor-specific key information for a given key ID.

FabricAdmin:switch> cryptocfg --show -vendorspecific_keyid
AA:8B:91:B0:35:6F:DA:92:8A:72:B3:97:92:1B:CA:B4
uuid = b7e07a6a-db64-40c2-883a-0bc6c4e923e6

5. Manually delete the listed key IDs from the key vault.

6. Enter the cryptocfg

--

delete

-

decommissionedkeyids command to purge all key IDs

associated with a decommissioned LUN.

FabricAdmin:switch> cryptocfg --delete -decommissionedkeyids

7. Enter the cryptocfg

--

show

-

decommissionedkeyids command to verify that the deleted

key IDs are no longer listed.

The cache is also cleared when cryptocfg

--

zeroizeEE is executed on the encryption engine.

NOTE

When a decommissioned LUN is reused and the decommissioned key IDs are listed using the
cryptocfg

--

show

-

decommissionedkeyids command, the entire list of decommissioned key IDs

since the first time the LUN was used is displayed.