Rally: decommission CMK from our subscription

Article ID: 420930

Updated On:

Products

Rally SaaS

Issue/Introduction

The customer wants to decommission CMK (Customer Managed Keys), also known as BYOK (Bring Your Own Keys), from the Rally subscription.

Resolution

  1. To fully decommission CMK, your KMS must be set and alive.
  2. Engage the Rally Support team to disable the CMK (Customer Managed Keys) module on the subscription, so that new attachments are not encrypted.
    • Note for this step: "Use CMK encryption only" will turn OFF by itself as a result of disabling the CMK module.
    • IMPORTANT: do not modify CMK_Encryption_Only after the CMK module is disabled. (As of now it is possible to do so, but it should not be.)
  3. Decrypt all attachments. This requires the KMS to still be set and alive.
    • WSAPI POST endpoint /slm/webservice/v2.x/kms/decryptremaining
    • This request is executed by a Subscription Admin. It might take some time for the request to kick off the job.
  4. Verify that the attachments are decrypted. To confirm:
    • WSAPI GET endpoint - /slm/webservice/v2.x/kms/jobstatus
    • This will provide the job status along with total numbers.
  5. Engage Rally Support to get confirmation that all attachments have been decrypted.