Disconnecting from external keystores

You can disconnect from keystores that are external to your service instance, either on IBM Cloud® or from other cloud providers such as Microsoft Azure Key Vault, Amazon Web Services (AWS) Key Management Service (KMS), and Google Cloud KMS. After you disconnect from an external keystore, all the managed keys in this keystore are unlinked and the managed resources are no longer accessible.

Before you disconnect from an external keystore, delete all active keys in this keystore. In other words, all keys that have this keystore as a target must be in Pre-active or Destroyed state. For more information about deleting keys, see Deleting managed keys. However, if the keystore is still on the distribution list of any key templates, you can still disconnect the keystore.

Disconnecting from external keystores with the UI

To disconnect from an external keystore by using the UI, complete the following steps:

  1. Log in to the Hyper Protect Crypto Services instance.
  2. Click Keystores from the navigation to view all the available keystores.
  3. Click the keystore that you want to disconnect. The Details side panel is displayed.
  4. Click Disconnect to disconnect the keystore and remove it from the keystore list.
  5. Click Disconnect keystore to confirm.

The external keystore is now disconnected, and all the managed keys and key templates are unlinked. You can no longer access any metadata that is associated with the keystore.

After you disconnect from an external keystore, you can reconnect to the keystore at any time. For more instructions, see Connecting to external keystores.

Disconnecting from external keystores with the API

To disconnect from an external keystore through the API, follow these steps:

  1. Retrieve your service and authentication credentials to work with keystores in the service.

  2. Disconnect from an external keystore by making a DELETE call to the following endpoint.

    https://uko.<region>.hs-crypto.cloud.ibm.com:<port>/api/v4/keystores/<id>

    Replace <id> with the ID of your keystore.

    For detailed instructions and code examples about using the API method, check out the Hyper Protect Crypto Services Unified Key Orchestrator API reference doc.
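
The following added example (not IBM's code) applies the precondition from the top of this page before it builds the DELETE request: it refuses to proceed while any key that targets the keystore is in a state other than Pre-active or Destroyed. The key record shape, the sample IDs, the port value, and the use of an IAM bearer token are assumptions.

```python
import re
import urllib.request

# Key states the page allows for keys that still target the keystore.
ALLOWED_STATES = {"pre-active", "destroyed"}
# Assumption: region and keystore ID contain only letters, digits and hyphens.
SAFE = re.compile(r"[A-Za-z0-9-]+")


def blocking_keys(keys, keystore_id):
    """Names of keys that target keystore_id and are not Pre-active or Destroyed."""
    return [k["name"] for k in keys
            if keystore_id in k["targets"]
            and k["state"].lower() not in ALLOWED_STATES]


def build_disconnect_request(region, port, keystore_id, token, keys):
    """Return the DELETE request, or raise if the disconnect should not be sent."""
    if not SAFE.fullmatch(region) or not SAFE.fullmatch(keystore_id):
        raise ValueError("unexpected characters in region or keystore ID")
    if not 0 < int(port) < 65536:
        raise ValueError("port out of range")
    blockers = blocking_keys(keys, keystore_id)
    if blockers:
        raise RuntimeError("delete these keys first: " + ", ".join(blockers))
    url = (f"https://uko.{region}.hs-crypto.cloud.ibm.com:{port}"
           f"/api/v4/keystores/{keystore_id}")
    # Assumption: the credential from step 1 is an IAM bearer token.
    return urllib.request.Request(
        url, method="DELETE", headers={"Authorization": f"Bearer {token}"})


# Constructed sample data; the record shape (name/state/targets) is hypothetical.
KEYSTORE_ID = "ks-example-0001"
SAMPLE_KEYS = [
    {"name": "billing-key", "state": "Active", "targets": ["ks-example-0001"]},
    {"name": "old-key", "state": "Destroyed", "targets": ["ks-example-0001"]},
    {"name": "draft-key", "state": "Pre-active", "targets": ["ks-example-0001"]},
    {"name": "other-key", "state": "Active", "targets": ["ks-example-0002"]},
]

if __name__ == "__main__":
    print("blocking:", blocking_keys(SAMPLE_KEYS, KEYSTORE_ID))
    cleared = [k for k in SAMPLE_KEYS if k["name"] != "billing-key"]
    # Constructed region and port; use the values for your own instance.
    req = build_disconnect_request("us-south", 443, KEYSTORE_ID, "<token>", cleared)
    print(req.get_method(), req.full_url)
```

The request is built but not sent. Add any further headers that the API reference requires before passing it to `urllib.request.urlopen`.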

What's next