Exclude/Preserve KMF Keys in Clone Profile

ColK
Tera Guru

Hi! I actually have 2 questions:

1. When creating a custom clone profile, I see that the exclusions for tables under the "System Profile" also show up when I look at the custom clone profile. Are these exclusions also included in the custom profile? Or do exclusions apply only to their associated profile?

2. (The bigger question) I am trying to follow KB0961152 and exclude/preserve the sys_kmf_module_key and sys_kmf_instance_key tables in a custom clone profile, but I am unable to add them to the profile through the "Edit" button, and I am also unable to records for both in the "Exclude Tables" and "Preserve Data" tables, even after elevating my account to security_admin. Is this something only HI Portal is allowed to do? Or am I missing a step?

5 REPLIES 5

Fr_d_ric Dhuez
Tera Contributor

The both tables are sys_kmf_module_key and sys_kmf_instance_key.

 

If you have access to your database, you can query directly from it:

 

select key_alias,sys_id,key_lifecycle_state,hmac from sys_kmf_key_metadata where sys_id in (select sys_id from sys_kmf_instance_key);

 

select key_alias,sys_id,key_lifecycle_state ,hmac from sys_kmf_key_metadata where sys_id in (select sys_id from sys_kmf_module_key);

 

Hope it help.