Help Center>
Data Encryption Workshop>
User Guide>
Key Management Service>
Managing CMKs>
Disabling One or More CMKs
Updated on 2023-01-31 GMT+08:00
Disabling One or More CMKs
This section describes how to use the KMS console to disable one or more CMKs, thereby protecting data in urgent cases.
After being disabled, a CMK cannot be used to encrypt or decrypt any data. Before using a disabled CMK to encrypt or decrypt data, you must enable it by following instructions in Enabling One or More CMKs.
Prerequisites
The CMK you want to disable is in Enabled status.
Constraints
- Default master keys created by KMS cannot be disabled.
- A disabled CMK is still billable. It will stop incurring charges if it is deleted.
Procedure
- Log in to the management console.
- Click
in the upper left corner of the management console and select a region or project. - Click
. Choose . - In the row containing the desired CMK, click Disable.
Figure 1 Disabling one CMK
- In the dialog box that is displayed, select I understand the impact of disabling keys and click OK.
To disable multiple CMKs at a time, select them and click Disable in the upper left corner of the list.
Parent topic: Managing CMKs
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
The system is busy. Please try again later.
