Edit or delete a CMEK policy

This page provides instructions on how to edit or delete a customer-managed encryption key (CMEK) policy.

Edit a CMEK policy

You can change the labels and description of a CMEK policy, but you cannot specify a different key to be used. To specify a different key, you need to update the CMEK policy, which only works if it isn't already being used by a storage pool.

Use the following instructions to edit a CMEK policy using the Google Cloud console or Google Cloud CLI.

Console

Use the following instructions to edit a CMEK policy in the Google Cloud console. You can only change a CMEK policy description and its labels.

  1. Go to the NetApp Volumes page in the Google Cloud console.

    Go to NetApp Volumes

  2. Select CMEK policies.

  3. Find the CMEK policy you want to edit and click Show more.

  4. Select Edit.

  5. Optional: Change the description in the Description field.

  6. Optional: Add, modify, or delete labels.

gcloud

Run the following command to edit a CMEK policy in Google Cloud CLI:

gcloud netapp kms-configs update CONFIG_NAME \
   --project=PROJECT_ID \
   --location=LOCATION \
   --description=DESCRIPTION \
   --labels=LABELS \

For more options, see Google Cloud SDK documentation for Cloud Key Management Service.

Delete a CMEK policy

You can delete a CMEK policy if the policy is unused by any storage pools.

Console

Use the following instructions to delete a CMEK policy using the Google Cloud console:

  1. Go to the NetApp Volumes page in the Google Cloud console.

    Go to NetApp Volumes

  2. Select CMEK policies.

  3. Find the CMEK policy you want to delete and click Show more.

  4. Select Delete.

  5. To confirm your selection, enter a name in the CMEK policy name field.

  6. Click Delete.

gcloud

Use the following instructions to delete a CMEK policy using the Google Cloud CLI.

Delete the CMEK policy:

gcloud netapp kms-configs delete CONFIG_NAME \
  --project=PROJECT_ID \
  --location=LOCATION \

Replace the following information:

  • CONFIG_NAME: the name of the config

  • PROJECT_ID: the name of the project the CMEK policy is in

  • LOCATION: the region of the config you want to delete

For more options, see Google Cloud SDK documentation for Cloud Key Management Service.

What's next

Migrate volumes to CMEK.