Exclude/Preserve KMF Keys in Clone Profile
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎10-13-2022 07:42 PM
Hi! I actually have 2 questions:
1. When creating a custom clone profile, I see that the exclusions for tables under the "System Profile" also show up when I look at the custom clone profile. Are these exclusions also included in the custom profile? Or do exclusions apply only to their associated profile?
2. (The bigger question) I am trying to follow KB0961152 and exclude/preserve the sys_kmf_module_key and sys_kmf_instance_key tables in a custom clone profile, but I am unable to add them to the profile through the "Edit" button, and I am also unable to records for both in the "Exclude Tables" and "Preserve Data" tables, even after elevating my account to security_admin. Is this something only HI Portal is allowed to do? Or am I missing a step?
- Labels:
-
Clone

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎01-19-2023 07:52 AM
The both tables are sys_kmf_module_key and sys_kmf_instance_key.
If you have access to your database, you can query directly from it:
select key_alias,sys_id,key_lifecycle_state,hmac from sys_kmf_key_metadata where sys_id in (select sys_id from sys_kmf_instance_key);
select key_alias,sys_id,key_lifecycle_state ,hmac from sys_kmf_key_metadata where sys_id in (select sys_id from sys_kmf_module_key);
Hope it help.