Data Domain: How to decrypt the encryption at rest data on a Data Domain file system

Summary: This KB describe the steps on how to decrypt the encryption at rest data on a Data Domain file system.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Instructions

Data Domain file system has encryption at rest enabled. The steps of how to decrypt the encryption at rest data on a Data Domain file system.

From DD CLI:

  1. Disable encryption: 
    filesys encryption disable
  2. Restart file system: 
    filesys restart
  3. Export current encryption keys for record purpose: 
    filesys encryption keys export
  4. Note current key IDs: 
    filesys encryption keys show
  5. Mark the key for destroyed: 
    filesys encryption keys destroy xx
    (xx = key ID returned from step 4)
  6. Apply the changes: 
    filesys encryption apply-changes
  7. Start file system cleaning: 
    filesys clean start
  8. Monitor GC status 
    filesys clean watch
  9. Once GC is completed, the key state should change to the destroyed state. Verify by: 
    filesys encryption keys show
  10. Delete the key: 
    filesys encryption keys delete xx
    (xx = key ID returned from step 4)

Affected Products

Data Domain

Products

Data Domain, Data Domain Encryption
Article Properties
Article Number: 000019767
Article Type: How To
Last Modified: 22 نيسان 2026
Version:  4
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.