Changing SEK Properties
After you create the Cloud VM Set, you can enable or disable the use of SEK for the set as long as there are no VMs registered with the set. If one or more VMs are registered with the Cloud VM Set, you can no longer change these properties.
Tip: If you want to change the cipher Cryptographic Security Platform Vault uses for the SEK keys, disable SEK for the Cloud VM Set then re-enable it. You can only set the cipher when you first enable SEK.
If you want to change the expiration date or expiration option for a SEK key, see Changing the SEK Key Expiration Options.
 Enabling SEK for the Cloud VM Set
Enabling SEK for the Cloud VM Set
                                                - Log into the Cryptographic Security Platform Vault for VM Encryption webGUI on any node in the cluster using an account with Cloud Admin privileges for the Cloud VM Set you want to modify.
- In the top menu bar, click Workloads.
- On the VM Sets tab, select the Cloud VM Set for which you want to enable SEK.
- On the Details tab, click Enable in the Single Encryption Key field.
- 
                                                            In the Enable Single Encryption Key dialog box, specify the options you want to use. Option Description Single Key Encryption Expiration The date on which the SEK key will expire or "Never" if the SEK never expires. If you specify a date and the SEK key expires, access to every encrypted disk on every VM in the Cloud VM Set will be denied. What happens to the SEK key depends on the setting in the Expiration Action field. Single Key Encryption Expiration Action - No Use—The key is deactivated but retained. It can be reactivated by setting a future expiration date, or by setting the expiration date to "Never". At that point, all access to the encrypted data will be restored. This is the default.
- Shred—The key is destroyed and cannot be retrieved. You should only use this option if you are absolutely certain that you will never again need to access the data encrypted by this key. If a key is shredded, any data encrypted by this key cannot be decrypted.
 
- When you are done, click Enable. Cryptographic Security Platform Vault creates a SEK key that it will use to encrypt all disks in all VMs registered with this Cloud VM Set until you generate a new SEK key. For details, see Generating a New SEK Key.
 Disabling SEK for the Cloud VM Set
Disabling SEK for the Cloud VM Set
                                                - Log into the Cryptographic Security Platform Vault for VM Encryption webGUI on any node in the cluster using an account with Cloud Admin privileges for the Cloud VM Set you want to modify.
- In the top menu bar, click Workloads.
- On the VM Sets tab, select the Cloud VM Set for which you want to disable SEK.
- On the Details tab, click Disable in the Single Encryption Key field.
- Confirm that you want to disable SEK at the prompt.
