Contrarily to the KMS keys, HSM keys must not be Revoked before being Destroyed. The Destroy operation will remove the key from the HSM.
Only the user identified by the hsm-admin argument or a user granted the Destroy operation (by the HSM admin) can destroy keys in the HSM.
To destroy the key hsm::4::my_rsa_key, the following command can be used:
❯ cosmian kms rsa keys destroy --key-id hsm::4::my_rsa_key
Successfully destroyed the key.
Unique identifier: hsm::4::mykey
To destroy the corresponding public key hsm::4::my_rsa_key_pk, the following command can be used:
❯ cosmian kms rsa keys destroy --key-id hsm::4::my_rsa_key_pk
Successfully destroyed the object.
Unique identifier: hsm::4::my_rsa_key_pk