Changing the encryption key for encrypted data
If you want to encrypt encrypted data with another encryption key, the data must be moved. You must create a new parity group with another encryption key and then move the data to that parity group using ShadowImage, TrueCopy, or Volume Migration. You can move data for each LDEV.
Procedure
Create a new parity group.
Enable encryption with a new data encryption key. See Enabling encryption.
Format the LDEVs in the encrypted parity group. For instructions, see the Provisioning Guide.
Migrate the source data to the new target LDEVs in the encrypted parity group. After migrating data, if you disable encryption of the source parity group, the encryption key assigned to the drive in the parity group is deleted, and a new encryption key is assigned. In addition, if a drive is replaced, the data encryption keys that are allocated to that drive are deleted, and new data encryption keys are allocated when the new drive is added.