Edit or delete a CMEK policy

This page provides instructions on how to edit or delete a customer-managed encryption key (CMEK) policy.

Edit a CMEK policy

Use the following instructions to edit a CMEK policy using the Google Cloud console or Google Cloud CLI.

Console

Use the following instructions to edit a CMEK policy in the Google Cloud console. You can only change a CMEK policy description and its labels.

  1. Go to the NetApp Volumes page in the Google Cloud console.

    Go to NetApp Volumes

  2. Select CMEK policies.

  3. Find the CMEK policy you want to edit and click Show more.

  4. Select Edit.

  5. Optional: Change the description in the Description field.

  6. Optional: Add, modify, or delete labels.

gcloud

Use the following instructions to edit a CMEK policy in Google Cloud CLI:

  1. Run the following command:

    kms-configs update

Delete a CMEK policy

You can delete a CMEK policy if the policy is unused by any storage pools.

Console

Use the following instructions to delete a CMEK policy using the Google Cloud console:

  1. Go to the NetApp Volumes page in the Google Cloud console.

    Go to NetApp Volumes

  2. Select CMEK policies.

  3. Find the CMEK policy you want to delete and click Show more.

  4. Select Delete.

  5. To confirm your selection, enter a name in the CMEK policy name field.

  6. Click Delete.

gcloud

Use the following instructions to delete a CMEK policy using the Google Cloud CLI.

Delete the CMEK policy:

   gcloud netapp kms-configs delete CONFIG_NAME \
     --project=PROJECT_ID \
     --location=LOCATION \

Replace the following information:

  • CONFIG_NAME: the name of the config

  • PROJECT_ID: the name of the project the CMEK policy is in

  • LOCATION: the region of the config you want to delete

For more options, run the following command:

  gcloud netapp kms-configs delete --help

What's next

Migrate volumes to CMEK.