Rotate keys

  • 릴리스 버전: Australia
  • 업데이트 날짜 2026년 03월 12일
  • 소요 시간: 1분

    • For increased security, you can rotate your cryptographic keys on a pre-determined schedule. Key rotation is when you retire an encryption key and replace that old key by generating a new cryptographic key.

    시작하기 전에

    Role required: sn_kmf.cryptographic_manager

    이 태스크 정보

    Encryption modules, unlike encryption contexts, support a rekey of records for re-encryption with a new key. The following demonstrates how to perform a key rotation operation manually on a cryptographic module.

    프로시저

    1. Navigate to Key Management > Cryptographic Modules > All.
    2. Select the cryptographic module for key rotation.
    3. On the Module Keys tab, select the Active key.
      그림 1. Select the active key
      Select the active key from the Module Keys tab.
      Lifecycle key form to click Rotate Key.
    4. Select Rotate Key.
      The key life-cycle state changes to "Deactivated." The Last rotated date, Deactivation date, and Key version fields update.
    5. Return to Cryptographic Module > Module Keys.
      Displays the Module Keys tab with the key lifecycle states updated based on active and deactivated keys.
      There’s an extra module key listed in the table. The newly rotated key becomes "Active" and the last key is "Deactivated."