Clearing the key management server configuration

Clearing the key management server (KMS) configuration disables node encryption on your appliance. After clearing the KMS configuration, the data on your appliance is permanently deleted and is no longer accessible. This data is not recoverable.

Before you begin

Attention: If you need to preserve data on the appliance, you must perform a node decommission procedure before you clear the KMS configuration. When KMS is cleared, data on the appliance will be permanently deleted and no longer accessible. This data is not recoverable.

Decommission the node to move any data it contains to other nodes in StorageGRID. See the recovery and maintenance instructions for grid node decommissioning.

About this task

Clearing the appliance KMS configuration disables node encryption, removing the association between the appliance node and the KMS configuration for the StorageGRID site. Data on the appliance is then deleted and the appliance is left in a pre-install state. This process cannot be reversed.

You must clear the KMS configuration:

Attention: Decommission the appliance before clearing KMS to move its data to other nodes in your StorageGRID system. Clearing KMS before decommissioning the appliance will result in data loss and might render the appliance inoperable.

Procedure

  1. Open a browser, and enter one of the IP addresses for the appliance's compute controller.
    https://Controller_IP:8443

    Controller_IP is the IP address of the compute controller (not the storage controller) on any of the three StorageGRID networks.

    The StorageGRID Appliance Installer Home page appears.

  2. Select Configure Hardware > Node Encryption.

    KMS clear configuration
    Attention: If the KMS configuration is cleared, data on the appliance will be permanently deleted. This data is not recoverable.
  3. At the bottom of the window, select Clear KMS Key and Delete Data.
  4. If you are sure that you want to clear the KMS configuration, type clear and select Clear KMS Key and Delete Data.

    KMS clear confirmation
    The KMS encryption key and all data are deleted from the node, and the appliance reboots. This can take up to 20 minutes.
  5. Open a browser, and enter one of the IP addresses for the appliance's compute controller.
    https://Controller_IP:8443

    Controller_IP is the IP address of the compute controller (not the storage controller) on any of the three StorageGRID networks.

    The StorageGRID Appliance Installer Home page appears.

  6. Select Configure Hardware > Node Encryption.
  7. Verify that node encryption is disabled and that the key and certificate information in Key Management Server Details and the Clear KMS Key and Delete Data control are removed from the window.
    Node encryption cannot be reenabled on the appliance until it is reinstalled in a grid.

After you finish

After the appliance reboots and you have verified that KMS has been cleared and that the appliance in a pre-install state, you can physically remove the appliance from your StorageGRID system. See the recovery and maintenance instructions for information about preparing an appliance for reinstallation.