Updated on 2022-02-22 GMT+08:00

Disabling One or Multiple CMKs

Scenario

This section describes how to use the management console to disable one or multiple CMKs, thereby protecting data in urgent cases.

After being disabled, a CMK cannot be used to encrypt or decrypt any data. Before using a disabled CMK to encrypt or decrypt data, you must enable it by following instructions in Enabling One or Multiple CMKs.

Default Master Keys created by KMS cannot be disabled.

Prerequisites

  • You have obtained an account and its password for logging in to the management console.
  • The CMK you want to disable is in Enabled status.

Procedure

  1. Log in to the management console.
  2. Choose Security > Key Management Service. The Key Management Service page is displayed.
  3. In the row containing the desired CMK, click Disable.

    Figure 1 Disabling one CMK

  4. In the dialog box that is displayed, click Yes to disable the CMK.

    To disable multiple CMKs at a time, select them and click Disable in the upper left corner of the list.