Create module life-cycle policy exceptions

  • Release version: Yokohama
  • Updated January 30, 2025

Create a module policy exception to change the life-cycle policy of a key only for a specific module on one instance.

    Before you begin

    Role required: sn_kmf.cryptographic_manager and sn_kmf.admin

    Exceptions apply only to that module and not to the entire instance. For example, if an administrator has limited symmetric keys to one year at the instance level, an exception at the module level can set the limit to two years.

    Procedure

    1. Navigate to All > Key Management > Cryptographic Modules > All.
    2. Select the cryptographic module that will use the policy exceptions.
    3. In the Cryptographic Module table, select the Module Policy Exceptions tab.
    4. Select New.
    5. Complete the form.
      Table 1. Module Policy Exceptions fields

      | Field | Description |
      |---|---|
      | Crypto Module | Name of the module selected. This field is read only. |
      | Applies to | Specified key is auto-populated. |
      | Key Type | Key type that the exception policies are related to. Note: You may only select a single key type, but multiple exception policies can be created per cryptographic module. |
      | Policy condition | Customizable condition which determines when the policy exception applies. |
      | Result | The result that occurs when the condition in the Policy Condition field is met. Reject rejects usage of the key. Track allows the key to be used. |

    6. Select Submit to be returned to the Cryptographic Module table.