Changing the encryption key
If you need to change a data encryption key, create a new data encryption key. To change the encryption key for existing encrypted data, you must migrate the data to an encrypted parity group that has a different encryption key. Use the following process to change the encryption key for encrypted data:
Procedure
- Create a new parity group.
- Enable encryption with a new data encryption key. See Encrypting data.
- Format the LDEVs in the encrypted parity group. For instructions, see the Provisioning Guide.
- Migrate the source data to the new target LDEVs in the encrypted parity group.

When a drive is replaced, the data encryption keys that are allocated to that drive are deleted, and new data encryption keys are allocated when the new drive is added.
