Scheduling Operations
CCKM allows you to periodically refresh or rotate keys in the background. To refresh or rotate keys, you need to create schedule configuration. A schedule configuration defines when to run a refresh or rotation job. You can use either basic format or cron format to specify the time when the rotation or refresh job will run.
Specify basic format in the following order:
[Repeats, at]
Where,
Repeats: frequency of the scheduler. Possible values are daily, weekly, monthly, and yearly.
at: specific time at which the rotation or refresh operation will be performed. Possible value lies between 12:00-11:00 AM/PM UTC.
Specify cron format in the following order:
"* * * * *"
These five values indicate when the job should be executed. These values are mandatory and must be specified in order of minute, hour, day of month, month, and day of week.
The following table lists the accepted values:
Field | Allowed values | Allowed special characters |
---|---|---|
Minute | 0-59 | * / , - |
Hour | 0-23 | * / , - |
Day of month | 1-31 | * / , - ? |
Month | 1-12 or JAN-DEC | * / , - |
Day of week | 0-6 or SUN-SAT | * / , - ? |
Adding Key Rotation Schedule
A key rotation schedule replaces selected keys with new cryptographic keys at the specified time.
To add key rotation schedule:
Open the Cloud Key Manager application.
In the left pane, click Schedules. The list of available schedules is displayed.
Click Add Schedule. The Add New Schedule wizard is displayed.
Select Schedule Type as Key Rotation.
Click Next.
On the General Info screen, enter or select following details:
Enter a unique Scheduler Name.
Select Oracle from the Cloud Name drop-down list.
Add Description for the scheduler in a maximum of 250 characters.
Select Enable Schedule to enable the schedule.
Click Next.
On the Schedule Config screen, enter or select the following details.
Configure DURATION for the scheduler. Specify the schedule start and end time:
Schedule Starts: Specify time when the schedule starts.
Schedule Ends: Unavailable by default, that is, the scheduler never expires.
Never: Selected by default, that is, the scheduler configuration never expires.
To set an end time for the scheduler, clear the Never check box, and specify the Scheduler Ends time.
Configure FREQUENCY of the scheduler. The frequency determines how often the scheduler will rotate keys. Select either Basic or Raw (Cron) format to specify the value.
Click Save.
A message Schedule successfully created is displayed on the screen. The newly created schedule is displayed in the schedules list.
Adding Key Refresh Schedule
A key refresh schedule synchronizes keys from linked Oracle vaults to Cloud Key Manager.
To add a key refresh schedule:
Open the Cloud Key Manager application.
In the left pane, click Schedules. The list of available schedules is displayed.
Click Add Schedule. The Add New Schedule wizard is displayed.
Select Schedule Type as Key Refresh.
Click Next.
On the General Info screen, enter or select following details:
Enter a unique Scheduler Name.
Select Oracle from the Cloud Name drop-down list.
Add Description for the scheduler in a maximum of 250 characters.
Select Enable Schedule to enable the schedule.
Click Next.
On the "Schedule Config screen, enter or select the following details.
Configure DURATION for the scheduler. Specify the schedule start and end time:
Schedule Starts: Specify time when the schedule starts.
Schedule Ends: Unavailable by default, that is, the scheduler never expires.
Never: Selected by default, that is, the scheduler configuration never expires.
To set an end time for the scheduler, clear the Never check box, and specify the Scheduler Ends time.
Configure FREQUENCY of the scheduler. The frequency determines how often the scheduler will rotate keys. Select either Basic or Raw (Cron) format to specify the value.
Click Next.
On the Add Vaults screen:
Select the desired vault from the Refresh Keys from Selected Vault(s) drop-down list.
Click the + button. Similarly, you can add more vaults. To remove a vault, click the close (X) icon in the name of the vault.
Alternatively, if you want to refresh all the existing vaults, select the Refresh All Vaults check box. When selected, the Refresh Keys from Selected Vault(s) field becomes unavailable.
Click Save.
A message Schedule successfully created is displayed on the screen. The newly created scheduled is displayed in the schedules list.
Viewing/Editing Schedules
To view/edit a schedule:
Open the Cloud Key Manager application.
In the left pane, click Schedules. The Schedules page displays the following details:
Field Description Name Unique name of the scheduler configuration. Schedule Type Type of the schedule. Possible types are:
• Key Rotation
• Key RefreshCloud Name Name of the cloud. Last Modified Time when the schedule is modified. Frequency Frequency of the scheduler configuration. Start Date Start time of the scheduler configuration. End Date Expiry time of the scheduler configuration. Never
is displayed if the schedule is set to never expire.Status Status of the scheduler configuration. Possible values are:
• Enabled
• DisabledClick the overflow icon () corresponding to the desired schedule and click View/Edit.
Alternatively, click the Name link corresponding to the desired schedule.
Edit or configure the following information:
GENERAL INFO:
Basic description of the schedule.
Status of the scheduler configuration. Select Enable Schedule to enable the schedule, clear to disable.
SCHEDULE CONFIG: Scheduler configuration parameters such as duration and frequency of the schedule. Refer to the key rotation Schedule Config screen or key refresh Schedule Config screen, as appropriate for details.
ORACLE VAULTS: (For key refresh schedules only) Select vaults for the key refresh schedule.
To add a vault:
Select the desired vault from the Refresh Keys from Selected Oracle Vault(s) drop-down list.
Click + button. Similarly, you can add more vaults. To remove a vault, click the close (X) icon in the name of the vault.
Alternatively, if you want to refresh keys in all the existing vaults, select the Refresh All Oracle Vaults check box. When selected, the Refresh Keys from Selected Oracle Group(s) field becomes unavailable.
Click Update to save the changes.
The Schedules page also contains a section named JOB HISTORY. This section displays information related to a schedule such as Run Date, Job ID, Status, and Errors.
Viewing Keys Assigned to Schedules
Schedules for a key can be added, updated, and deleted on the KEY SCHEDULE section of the edit view of a key. Refer to Adding or Changing Key Rotation Schedule for details.
To view the keys assigned to a schedule:
Open the Cloud Key Manager application.
In the left pane, click Schedules. The Schedules page is displayed.
Click the overflow icon () corresponding to the desired schedule and click View/Edit.
Alternatively, click the Name link corresponding to the desired schedule.
The mini detail view of the schedule shows a numbered link next to the Keys Assigned label. The number indicates the number of keys assigned to the schedule. If no key is assigned, linked number
0
is displayed.Click the numbered link. The Oracle Keys for Schedule: <schedule-name> page is displayed. The page displays the following details:
Field Description Name Unique, user-friendly name of the Oracle key. Click the link to view additional details of the key or edit the key. Refer to Viewing or Editing Details of Oracle Keys. This name is useful in searching for specific keys. Key ID ID of the Oracle key. Tenant OCI tenant in which the key is created. Compartment Name of the OCI compartment where the key resides. Vault Name of the OCI vault where the key resides. Protection Mode Protection mode for the key - HSM or Software. Algorithm Algorithm of the Oracle key. AES, RSA, and ECDSA algorithms with different keys sizes are supported. State State of the Oracle key. Region Region of the key. Version Version of the key. Creation Date Date and time when the Oracle key is created. Origin Source of the key material used for the version. The origin can be:
• CCKM: Key material is created on CCKM.
• Native: Key material is created on the cloud.
• External (Unknown): Source of the key material is unknown. It is different than CCKM and the native cloud.
Refer to Key Creation Methods and Sources for details.
The Region, Version, Creation Date, and Origin columns are hidden by default. To show/hide a column, click the custom view icon (), select/clear the desired column, and click OK.
## Disabling Schedules
To disable a schedule configuration:
Open the Cloud Key Manager application.
In the left pane, click Schedules. The list of available schedules is displayed.
Click the overflow icon () corresponding to the desired schedule and click Disable. The Disable Schedule message is displayed.
Click Disable Schedule.
A message Successfully disabled the schedule is displayed on the screen.
Enabling Schedules
To enable a schedule configuration:
Open the Cloud Key Manager application.
In the left pane, click Schedules. The list of available schedules is displayed.
Click the overflow icon () corresponding to the desired schedule and click Enable. The Enable Schedule message is displayed.
Click Enable Schedule.
A message Successfully enabled the schedule is displayed on the screen.
Manually Running Schedules
To manually run a schedule:
Open the Cloud Key Manager application.
In the left pane, click Schedules. The list of available schedules is displayed.
Click the overflow icon () corresponding to the desired schedule and click Run Now.
The Run Now schedule is started in the background. A message Schedule is running now. It will take a few seconds to finish. is displayed on the screen. After the schedule is run successfully, a message Successfully finished running the schedule is displayed.
Deleting Schedules
Open the Cloud Key Manager application.
In the left pane, click Schedules. The list of available schedules is displayed.
Click the overflow icon () corresponding to the desired schedule and click Delete Schedule. The Delete Schedule message is displayed.
Click Delete Schedule.
A message Successfully deleted schedule is displayed on the screen.