Removing a Disk from the Cryptographic Security Platform Vault for VM Encryption

The following procedure explains how to remove a disk from the Cryptographic Security Platform Vault for VM Encryption when you don't care about its contents. If you want to save the contents, you need to decrypt the disk before you remove it from the Cryptographic Security Platform Vault for VM Encryption. For details, see Decrypting a Disk Using the webGUI or Decrypting a Disk Using the CLI.

Important: This operation is destructive. You will lose all encrypted data that is stored on the disk.

1. For Linux, log into the VM as root. For Windows, log in as a System Administrator and open a Command Prompt or start Windows PowerShell.
2. Unmount the disk you want to remove.

3. Enter the command hcl rm [-y] <diskname | -a>, where:

   • -y makes the command non-interactive.
   • diskname | -a is the name of the disk that you want to remove or -a to remove all disks on the VM that are registered with the Cryptographic Security Platform Vault for VM Encryption. For Linux, use the short form of the disk name (for example, sdb1 instead of /dev/sdb1). For Windows, specify the drive letter or folder mount associated with the disk.

   The Cryptographic Security Platform Vault for VM Encryption issues an implicit hcl detach command and unregisters the disk(s) with the Cryptographic Security Platform Vault for VM Encryption. Any keys associated with the disk(s) are deleted and any encrypted data is now inaccessible.

   For example:

   # hcl rm sdd1
   WARNING: Removal of devices will cause any data stored on them to be permanently lost.
   Do you want to proceed? (y/n) y
   
   Removed device sdd1