Deletes a key.
tsactl delete-key -k <key-id> [-p <pin>] [-t <token>] [-v <vendor>] [-y]
For example:
$ sudo ./tsactl delete-key -k c403e0abae421c73625666dcff26dacf184eddd4 -y
Obtaining loaded secrets and configuration... Done
Starting PKCS #11 Manager... Done
Using token with label pking203
Deleted public key with id c403e0abae421c73625666dcff26dacf184eddd4
Deleted private key with id c403e0abae421c73625666dcff26dacf184eddd4
See below for a description of each option.
-k <key_id>
Select the key with the <key_id> identifier.
Run the evactl list-keys command to get the key identifiers.
Mandatory: Yes.
-p <pin>
Authenticate to the HSM with the <pin> PIN.
Mandatory: No. When this option is omitted, the command looks for the PIN in the application secrets. If the PIN is not found there, the command prompts the user for it.
-t <token>
Select the HSM token with the <token> label.
Mandatory: No. When omitting this option, the command uses the value of the Token label configuration parameter.
The command will raise an error if you omit this option and the configuration is not loaded.
-v <vendor>
Use the <vendor> security module. See the following table for the supported values.
Vendor | Security module |
---|---|
none | Built-in software PKCS #11 module. |
nshield | nShield HSM. See HSM requirements for the supported models. |
thales | Thales HSM. See HSM requirements for the supported models. |
It is recommended to select a Hardware Security Module (HSM).
Mandatory: No. When omitting this option, the command assumes the value of the Vendor configuration parameter.
The command will raise an error if you omit this option and the configuration is not loaded.
-y
Skip the confirmation prompt.
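When -y is used in a script, nobody is watching the confirmation, so it is worth checking that both halves of the key pair were reported as deleted. The following is an added example, not part of the product documentation: the function names are hypothetical, and it assumes the output lines keep the format shown in the example above and that key identifiers are hexadecimal.

```shell
#!/bin/sh
# Added example, not part of the product documentation.
# Assumption: tsactl prints one "Deleted <kind> key with id <id>" line per
# deleted object, as in the example output above.

# verify_key_deleted KEY_ID
# Reads delete-key output on stdin. Returns 0 only if both the public and
# the private object for KEY_ID are reported as deleted.
verify_key_deleted() {
    key_id=$1
    # Assumption: identifiers are hexadecimal, like the one in the example.
    case $key_id in
        ''|*[!0-9a-fA-F]*) echo "invalid key id" >&2; return 2 ;;
    esac
    output=$(cat)
    for kind in public private; do
        # -F: fixed string, -x: whole line, so a longer id cannot match.
        if ! printf '%s\n' "$output" |
            grep -Fxq "Deleted $kind key with id $key_id"; then
            echo "no confirmation that the $kind key $key_id was deleted" >&2
            return 1
        fi
    done
    return 0
}

# delete_key_checked KEY_ID (hypothetical wrapper)
# Uses -y for unattended runs and omits -p, so the PIN never appears in the
# process arguments; the command then takes it from the application secrets
# (or prompts, as described for the -p option).
delete_key_checked() {
    out=$(./tsactl delete-key -k "$1" -y) || return 3
    printf '%s\n' "$out" | verify_key_deleted "$1"
}
```

A return code of 1 means the command ran but at least one of the two objects was not confirmed as deleted, which is worth alerting on before the key is treated as destroyed.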