Workflow for changing the encryption key

To change the encryption key for existing encrypted data, you must migrate the data to an encrypted parity group that has a different encryption key.

Use the following process to change the encryption key for encrypted data:

1. Create a new parity group.

2. Enable encryption with a new data encryption key. For details, see Enabling data encryption.

3. Format the LDEVs in the encrypted parity group. For instructions, see the Provisioning Guide for your storage system.

4. Migrate the source data to the new target LDEVs in the encrypted parity group.

When a drive is replaced, the data encryption keys that are allocated to that drive are deleted, and new data encryption keys are allocated when the new drive is added.