Console
    Start free

    Manage CMEK policies

    This page provides instructions on how to edit or delete a customer-managed encryption key (CMEK) policy.

    Edit a CMEK policy

    You can change the labels and description of a CMEK policy, but you cannot specify a different key to be used. To specify a different key, you need to update the CMEK policy, which only works if it isn't already being used by a storage pool.

    Use the following instructions to edit a CMEK policy using the Google Cloud console or Google Cloud CLI.

    Console

    Use the following instructions to edit a CMEK policy in the Google Cloud console. You can only change a CMEK policy description and its labels.

    1. Go to the NetApp Volumespage in the Google Cloud console.

      Go to NetApp Volumes

    2. Select CMEK policies.

    3. Find the CMEK policy you want to edit and click Show more.

    4. Select Edit.

    5. Optional: Change the description in the Descriptionfield.

    6. Optional: Add, modify, or delete labels.

    gcloud

    Run the following command to edit a CMEK policy in Google Cloud CLI:

     gcloud 
  
 neta 
 pp 
  
 kms 
 - 
 co 
 nf 
 igs 
  
 upda 
 te 
  
  CONFIG_NAME 
 
  
 \ 
  
 -- 
 projec 
 t 
 = PROJECT_ID 
 
  
 \ 
  
 -- 
 loca 
 t 
 io 
 n 
 = LOCATION 
 
  
 \ 
  
 -- 
 descrip 
 t 
 io 
 n 
 = DESCRIPTION 
 
  
 \ 
  
 -- 
 labels= LABELS 
 
  
 \

    For more options, see Google Cloud SDK documentation for Cloud Key Management Service .

    Delete a CMEK policy

    You can delete a CMEK policy if the policy is unused by any storage pools.

    Console

    Use the following instructions to delete a CMEK policy using the Google Cloud console:

    1. Go to the NetApp Volumespage in the Google Cloud console.

      Go to NetApp Volumes

    2. Select CMEK policies.

    3. Find the CMEK policy you want to delete and click Show more.

    4. Select Delete.

    5. To confirm your selection, enter a name in the CMEK policy namefield.

    6. Click Delete.

    gcloud

    Use the following instructions to delete a CMEK policy using the Google Cloud CLI.

    Delete the CMEK policy:

    gcloud  
netapp  
kms-configs  
delete  
 CONFIG_NAME 
  
 \ 
  
--project = 
 PROJECT_ID 
  
 \ 
  
--location = 
 LOCATION 
  
 \

    Replace the following information:

    • CONFIG_NAME : the name of the config

    • PROJECT_ID : the name of the project the CMEK policy is in

    • LOCATION : the region of the config you want to delete

    For more options, see Google Cloud SDK documentation for Cloud Key Management Service .

    What's next

    Migrate volumes to CMEK .
    Design a Mobile Site
    View Site in Mobile | Classic
    Share by: