Brocade Fabric OS Encryption Administrator’s Guide Supporting Key Management Interoperability Protocol (KMIP) Key-Compliant Environments (Supporting Fabric OS v7.1.0) User Manual
Page 214

196
Fabric OS Encryption Administrator’s Guide (KMIP)
53-1002747-02
Decommissioning LUNs
3
3. Enter cryptocfg
--
show
-
decommissionedkeyids to obtain a list of all currently
decommissioned key IDs to be deleted after decommissioning key IDs manually from the key
vault.
FabricAdmin:switch> cryptocfg -show -decommissionedkeyids
4. Enter the cryptocfg
--
show
-
vendorspecific_keyid
vendor-specific key information for a given key ID.
FabricAdmin:switch> cryptocfg --show -vendorspecific_keyid
AA:8B:91:B0:35:6F:DA:92:8A:72:B3:97:92:1B:CA:B4
uuid = b7e07a6a-db64-40c2-883a-0bc6c4e923e6
5. Manually delete the listed key IDs from the key vault.
6. Enter the cryptocfg
--
delete
-
decommissionedkeyids command to purge all key IDs
associated with a decommissioned LUN.
FabricAdmin:switch> cryptocfg --delete -decommissionedkeyids
7. Enter the cryptocfg
--
show
-
decommissionedkeyids command to verify that the deleted
key IDs are no longer listed.
The cache is also cleared when cryptocfg
--
zeroizeEE is executed on the encryption engine.
NOTE
When a decommissioned LUN is reused and the decommissioned key IDs are listed using the
cryptocfg
--
show
-
decommissionedkeyids command, the entire list of decommissioned key IDs
since the first time the LUN was used is displayed.