Re-encrypt Existing Controller and CoPilot Volumes Using a Custom Key

You can re-encrypt your existing Controller and CoPilot volumes using a custom key.


To proceed with the re-encryption process, check the prerequisites below:

  1. Make sure the data on the Controller and CoPilot volumes are fully backed up.

  2. Make sure your custom key meet the encryption standards and is stored securely.

Re-encrypt Existing Controller and CoPilot Volumes

  1. Log into CoPilot, from Settings > Resources > Index Management, click the download button to download the index lists.

  2. Identify your old volume ID. Go to your cloud service provider console. Select your Aviatrix CoPilot deployment and under the Storage section, locate and note down the volume ID you intend to re-encrypt with your custom key.

  3. Create a snapshot. Go to Elastic Block Store > Snapshots > Create snapshot. On the Create snapshot page, select the old volume ID from the volume drop-down list to generate a snapshot.

  4. Create a volume from snapshot.

    1. Once the snapshot is created, select it and then click Action > Create volume from snapshot.

    2. On the subsequent volume settings page,specify your custom KMS key. Then click Create volume.

  5. Detach the old volume. Click the old volume, then click Action > Detach volume, click Detach to confirm.

  6. Attach the new volume that you encrypted with your custom KMS key.

    1. Go to the Volumes section, click the newly created volume, from Actions > Attach volume.

    2. On the Attach volume page, choose the intended instance from the drop-down list.

    3. Click Attach volume to confirm the volume attachment.

  7. Verify the new volume with custom KMS key.

    1. Go to EC2 > Instances page, you can check the Storage tab, where the new volumes should be listed.

    2. You can also go to CoPilot, from Settings > Resources > Index Management, make sure the listed indices match those previously downloaded.