Rotate keys

  • リリースバージョン: Australia
  • 更新日 2026年03月12日
  • 所要時間:1分

    • For increased security, you can rotate your cryptographic keys on a pre-determined schedule. Key rotation is when you retire an encryption key and replace that old key by generating a new cryptographic key.

    始める前に

    Role required: sn_kmf.cryptographic_manager

    このタスクについて

    Encryption modules, unlike encryption contexts, support a rekey of records for re-encryption with a new key. The following demonstrates how to perform a key rotation operation manually on a cryptographic module.

    手順

    1. Navigate to Key Management > Cryptographic Modules > All.
    2. Select the cryptographic module for key rotation.
    3. On the Module Keys tab, select the Active key.
      図 : 1. Select the active key
      Select the active key from the Module Keys tab.
      Lifecycle key form to click Rotate Key.
    4. Select Rotate Key.
      The key life-cycle state changes to "Deactivated." The Last rotated date, Deactivation date, and Key version fields update.
    5. Return to Cryptographic Module > Module Keys.
      Displays the Module Keys tab with the key lifecycle states updated based on active and deactivated keys.
      There’s an extra module key listed in the table. The newly rotated key becomes "Active" and the last key is "Deactivated."