Scenario
This section describes how to use the management console to disable one or multiple CMKs, thereby protecting data in urgent cases.
After being disabled, a CMK cannot be used to encrypt or decrypt any data. Before using a disabled CMK to encrypt or decrypt data, you must enable it by following instructions in Enabling One or Multiple CMKs.
Default Master Keys created by KMS cannot be disabled.
Prerequisites
- You have obtained an account and its password for logging in to the management console.
- The CMK you want to disable is in Enabled status.
Procedure
- Log in to the management console.
- Click
in the upper left corner of the management console and select a region or project. - Choose . The Key Management Service page is displayed.
- In the row containing the desired CMK, click Disable.Figure 1 Disabling one CMK
