Encryption Administrators can disable encryption keys that are not currently assigned to a workspace. Before you can disable an encryption key, you must unassign it from each workspace to which it is assigned.

When you disable an encryption key:

  • The key is shown as disabled in the Status column of the Encryption Keys page.
  • The key is removed from the list of available keys shown in the Key drop-down of the Encrypted Workspaces page.
  • Workspaces encrypted with that key remain encrypted, including backup versions of the workspace.

To disable an encryption key:

  1. Unassign the key that you want to disable on each workspace to which it is assigned.
  2. In the Administration left-hand sidebar, select BYOK > Encryption Keys.
  3. Select the active key that you want to disable.
  4. Select Disable.

A red cross


in the Status column indicates that the key is disabled.