This page provides instructions on how to edit or delete a customer-managed encryption key (CMEK) policy.
Edit a CMEK policy
You can change the labels and description of a CMEK policy, but you cannot specify a different key to be used. To specify a different key, you need to update the CMEK policy, which only works if it isn't already being used by a storage pool.
Use the following instructions to edit a CMEK policy using the Google Cloud console or Google Cloud CLI.
Console
Use the following instructions to edit a CMEK policy in the Google Cloud console. You can only change a CMEK policy description and its labels.
Go to the NetApp Volumes page in the Google Cloud console.
Select CMEK policies.
Find the CMEK policy you want to edit and click Show more.
Select Edit.
Optional: Change the description in the Description field.
Optional: Add, modify, or delete labels.
gcloud
Run the following command to edit a CMEK policy in Google Cloud CLI:
gcloud netapp kms-configs update CONFIG_NAME \ --project=PROJECT_ID \ --location=LOCATION \ --description=DESCRIPTION \ --labels=LABELS \
For more options, see Google Cloud SDK documentation for Cloud Key Management Service.
Delete a CMEK policy
You can delete a CMEK policy if the policy is unused by any storage pools.
Console
Use the following instructions to delete a CMEK policy using the Google Cloud console:
Go to the NetApp Volumes page in the Google Cloud console.
Select CMEK policies.
Find the CMEK policy you want to delete and click Show more.
Select Delete.
To confirm your selection, enter a name in the CMEK policy name field.
Click Delete.
gcloud
Use the following instructions to delete a CMEK policy using the Google Cloud CLI.
Delete the CMEK policy:
gcloud netapp kms-configs delete CONFIG_NAME \ --project=PROJECT_ID \ --location=LOCATION \
Replace the following information:
CONFIG_NAME
: the name of the configPROJECT_ID
: the name of the project the CMEK policy is inLOCATION
: the region of the config you want to delete
For more options, see Google Cloud SDK documentation for Cloud Key Management Service.