After you configure encryption on the system, you can manage encryption keys by using the
management GUI or the command-line interface.
Rekeying an encryption-enabled system using a key server
If you configured key servers to manage encryption keys, you can generate new keys with the encryption key servers. Rekeying is the process of creating a new key for the system. To create a new key, encryption must be enabled on the system; however, the rekey operation works whether or not there are encrypted objects. Encryption is supported on Lenovo Storage V5030 models only.
Rekeying an encryption-enabled system using a USB flash drive
If you have configured encryption with USB flash drives, you can create new keys and store them on USB flash drives. Rekeying is the process of creating a new key for the system. To create a new key, encryption must be enabled on the system; however, the rekey operation works whether or not there are encrypted objects. Encryption is supported on Lenovo Storage V5030 models only.
Changing the primary key server
You can change which configured key server is the primary key server with the management GUI or the command-line interface. One key server must be configured as the primary key server on the system and in IBM Security Key Lifecycle Manager. The primary key server copies encryption keys to any additional key servers that are configured for the system. Usually you need to change the primary key server only if the primary key server changes on the IBM Security Key Lifecycle Manager.
Migrating between key management methods
You can migrate between USB flash drive and key server-based encryption non-disruptively by using the management GUI or the command-line interface. To migrate from key servers to USB flash drives, use the command-line interface only. During migration, the system supports simultaneous configuration of both key management methods. After the migration completes, you can disable the old key management method.
Disabling encryption
You can use either the management GUI or the command-line interface to disable encryption on the system.