kes key rm


Remove a key from the KES server.

Removing a Secret key prevents decrypting any cryptographic keys derived using that Secret key, which in turn prevents decrypting any objects encrypted with those cryptographic keys.

Removing a Secret Key renders all data encrypted using that key permanently unreadable.


kes key rm                \
        <name>            \
        [--insecure, -k]




The name of the existing key to remove. To remove more than one key, separate each key with a space.

--insecure, -k


Directs the command to skip x.509 certificate validation during the TLS handshake with the KES server. This allows connections to KES servers using untrusted certificates (i.e. self-signed or issued by an unknown Certificate Authority).

MinIO strongly recommends against using this option in production environments.


Remove a key:

kes key rm my-key

Remove two keys at the same time:

kes key rm my-key1 my-key2