IBM Cloud Docs
Deleting internal keystores

You can delete internal keystores in Unified Key Orchestrator with the UI, or programmatically with the Unified Key Orchestrator API. After you delete an internal keystore, all the managed keys are deactivated in this keystore, and associated resources are unlinked.

To delete an internal keystore, first delete all activated keys in the keystore. The key metadata remains in the keystore for 90 days before it is removed automatically, and you can delete the keystore only after the key metadata is removed. If you want to delete the keystore immediately, manually remove all key metadata using the KMS API in 4 hours after you destroy the key. Make sure that you have the KMS Key Purge role assigned. For more information about roles, see Managing user access. A keystore that is still on the distribution list of any key templates can still be deleted.

Deleting internal keystores with the UI

To delete an internal keystore by using the UI, complete the following steps:

  1. Log in to the Hyper Protect Crypto Services instance.
  2. Click Keystores from the navigation to view all the available keystores.
  3. Click the keystore that you want to delete. The side panel is displayed.
  4. Click Delete to delete the keystore and all the metadata.
  5. Click Delete keystore to confirm the deletion.

The internal keystore has been deleted with all the managed keys deactivated and key templates unlinked. You will no longer be able to access any metadata associated with the keystore.

Deleting internal keystores with the API

To delete an internal keystore through the API, follow these steps:

  1. Retrieve your service and authentication credentials to work with keystores in the service.

  2. Delete an internal keystore by making a DELETE call to the following endpoint.

    https://uko.<region>.hs-crypto.cloud.ibm.com:<port>/api/v4/keystores/<id>
    

    Replace <id> with the ID of your keystore.

    For detailed instructions and code examples about using the API method, check out the Hyper Protect Crypto Services Unified Key Orchestrator API reference doc.
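
The DELETE call from step 2, as an added Python example that is not taken from the IBM documentation: it fills in the endpoint template shown above and refuses region, port, or ID values that would alter the host or path before any request is sent. The region and ID patterns, the `Authorization: Bearer` scheme, and the `extra_headers` parameter (for whatever additional headers the API reference requires) are assumptions.

```python
import re
import urllib.error
import urllib.request

# Assumed shapes (not stated on the page): lowercase region labels such as
# "us-south", and keystore IDs made only of letters, digits and hyphens.
REGION_RE = re.compile(r"[a-z0-9]+(?:-[a-z0-9]+)*")
ID_RE = re.compile(r"[A-Za-z0-9-]{1,64}")


def keystore_url(region, port, keystore_id):
    """Fill in the page's endpoint template, rejecting values that could
    change the host or path (for example an ID containing '/', '?' or '..')."""
    if not REGION_RE.fullmatch(region):
        raise ValueError(f"unexpected region: {region!r}")
    if not ID_RE.fullmatch(keystore_id):
        raise ValueError(f"unexpected keystore ID: {keystore_id!r}")
    port = int(port)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return (f"https://uko.{region}.hs-crypto.cloud.ibm.com:{port}"
            f"/api/v4/keystores/{keystore_id}")


def build_delete_request(region, port, keystore_id, token, extra_headers=None):
    """Build (but do not send) the DELETE request for one keystore."""
    headers = dict(extra_headers or {})  # headers the API reference requires
    if not token or any(c in token for c in "\r\n "):
        raise ValueError("token must be a single non-empty value")
    headers["Authorization"] = f"Bearer {token}"  # assumed IAM bearer scheme
    url = keystore_url(region, port, keystore_id)
    return urllib.request.Request(url, headers=headers, method="DELETE")


def delete_keystore(request, timeout=30):
    """Send the request and return the HTTP status code. An error status is
    returned rather than raised so the caller can log and act on it."""
    try:
        with urllib.request.urlopen(request, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code
```

Because deletion deactivates the managed keys and unlinks key templates, inspect the request returned by `build_delete_request` and log the target URL before passing it to `delete_keystore`.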

What's next