Changing the encryption key

To change a data encryption key, you create a new data encryption key. To change the encryption key for existing encrypted data, you must migrate the data to an encrypted parity group that has a different encryption key. Use the following process to change the encryption key for encrypted data:

Procedure

  1. Create a new parity group.

  2. Enable encryption with a new data encryption key. See Encrypting data.

  3. Format the LDEVs in the encrypted parity group. For instructions, see the Provisioning Guide.

  4. Migrate the source data to the new target LDEVs in the encrypted parity group.

When a drive is replaced, the data encryption keys that are allocated to that drive are deleted, and new data encryption keys are allocated when the new drive is added.