Scheduling Operations
CCKM allows you to periodically refresh or rotate keys in the background. To refresh or rotate keys, you need to create schedule configuration. A schedule configuration defines when to run a refresh or rotation job. You can use either basic format or cron format to specify the time when the rotation or refresh job will run.
Specify basic format in the following order:
[Repeats, at]
Where,
Repeats: frequency of the scheduler. Possible values are daily, weekly, monthly, and yearly.
at: specific time at which the rotation or refresh operation will be performed. Possible value lies between 12:00-11:00 AM/PM UTC.
Specify cron format in the following order:
"* * * * *"
These five values indicate when the job should be executed. These values are mandatory and must be specified in order of minute, hour, day of month, month, and day of week.
The following table lists the accepted values:
Field | Allowed values | Allowed special characters |
---|---|---|
Minute | 0-59 | * / , - |
Hour | 0-23 | * / , - |
Day of month | 1-31 | * / , - ? |
Month | 1-12 or JAN-DEC | * / , - |
Day of week | 0-6 or SUN-SAT | * / , - ? |
Adding Key Rotation Schedule
To add key rotation schedule:
Open the Cloud Key Manager application.
In the left pane, click Schedules. The list of available schedules is displayed.
Click Add Schedule. The Add New Schedule wizard is displayed.
Select Schedule Type as Key Rotation.
Click Next.
On the General Info screen, enter or select following details:
Enter a unique Scheduler Name.
Select AWS from the Cloud Name drop-down list.
Add Description for the scheduler in a maximum of 250 characters.
Select Enable Schedule to enable the schedule.
Click Next.
Set the values on the Schedule Config screen.
You can schedule configuration for:
All keys: Refer to Scheduling Configuration for All Keys for details.
Expiring keys: Refer to Scheduling Configuration for Expiring Keys for details.
Scheduling Configuration for All Keys
To schedule configuration for all keys:
Configure DURATION for the scheduler. Specify the following values:
Schedule Starts
Schedule Ends
If you select the Never check box, the scheduler configuration will never expire, and the Schedule Ends field becomes unavailable.
Configure FREQUENCY of the scheduler. The frequency determines how often the scheduler will rotate keys. Select either the Basic or the Raw (Cron) format to specify the value.
(Optional) Set the expiry of the newly rotated key.
Select Apply Gravestone Alias on Current Key to retain the key alias with timestamp on the archived key after rotation. The format of the Gravestone alias is
<current alias>-rotated-<timestamp>
. The alias will only be applied to keys with an existing alias.Click Save.
A message Schedule successfully created is displayed on the screen.
Scheduling Configuration for Expiring Keys
To schedule configuration for expiring keys:
In the Selection section, select which keys to be rotated based on their expiry time. In the Only rotate keys within _ of material expiration field, select or enter the key expiry time. For example, if the value of Only rotate keys within _ of material expiration field is set to 4 Days, then the schedule configuration is created for all the keys that will expire in 4 Days.
Configure DURATION for scheduler. Specify the following values:
Schedule Starts
Schedule Ends
If you select the Never check box, the scheduler configuration will never expire, and the Schedule Ends field becomes unavailable.
(Optional) Set the expiry of the newly rotated key.
Select Apply Gravestone Alias on Current Key to retain the key alias with timestamp on the archived key after rotation. The format of the Gravestone alias is
<current alias>-rotated-<timestamp>
. The alias will only be applied to keys with an existing alias.Click Save.
A message Schedule successfully created is displayed on the screen.
Adding Key Refresh Schedule
To add a key refresh schedule:
Open the Cloud Key Manager application.
In the left pane, click Schedules. The list of available schedules is displayed.
Click Add Schedule. The Add New Schedule wizard is displayed.
Select Schedule Type as Key Refresh.
Click Next.
On the General Info screen, enter or select following details:
Enter a unique Scheduler Name.
Select AWS from the Cloud Name drop-down list.
Add Description for the scheduler in a maximum of 250 characters.
Select Enable Schedule to enable the schedule.
Click Next.
On the Schedule Config screen, enter or select the following details.
Configure Duration for the scheduler. Specify the following values:
Schedule Starts
Schedule Ends
If you select the Never check box, the scheduler configuration will never expire, and the Schedule Ends field becomes unavailable.
Configure Frequency of the scheduler. The frequency determines how often the scheduler will rotate keys. Select either Basic or Raw (Cron) format to specify the value.
Click Next.
On the Add Accounts screen:
Select the account name from the Refresh Keys from Selected Account(s) drop-down list.
Click + button.
Similarly, you can add more accounts.
Select the Refresh All Accounts option if you want to refresh all the existing accounts.
Click Save.
A message Schedule successfully created is displayed on the screen.
Viewing/Editing Schedules
To view/edit a schedule:
Open the Cloud Key Manager application.
In the left pane, click Schedules. The Schedules page displays following details:
Field Description Name Unique name of the scheduler configuration. Schedule Type Type of the schedule. Possible types are:
• Key Rotation
• Key RefreshCloud Name Name of the cloud. Last Modified Time when the schedule is modified. Frequency Frequency of the scheduler configuration. Start Date Creation time of the scheduler configuration. End Date Expiry time of the scheduler configuration. Status Status of the scheduler configuration. Possible values are:
• Enabled
• DisabledClick the overflow icon () corresponding to the desired schedule and click View/Edit.
Edit or configure the following fields and click Update:
Description.
Status of the scheduler configuration.
Scheduler configuration parameters such as duration, frequency, and expiry time of the key.
The Schedules page also contains a section named JOB HISTORY that contains all the related information about a schedule such as Run Date, Job ID, Status, and Errors.
Disabling Schedules
To disable a schedule configuration:
Open the Cloud Key Manager application.
In the left pane, click Schedules. The list of available schedules is displayed.
Click the overflow icon () corresponding to the desired schedule and click Disable. The Disable Schedule message is displayed.
Click Disable Schedule.
A message Successfully disabled the schedule is displayed on the screen.
Enabling Schedules
To enable a schedule configuration:
Open the Cloud Key Manager application.
In the left pane, click Schedules. The list of available schedules is displayed.
Click the overflow icon () corresponding to the desired schedule and click Enable. The Enable Schedule message is displayed.
Click Enable Schedule.
A message Successfully enabled the schedule is displayed on the screen.
Manually Running Schedules
To manually run a schedule:
Open the Cloud Key Manager application.
In the left pane, click Schedules. The list of available schedules is displayed.
Click the overflow icon () corresponding to the desired schedule and click Run Now.
The Run Now schedule is started in the background. A message Schedule is running now. It will take a few seconds to finish. is displayed on the screen. After the schedule is run successfully, a message Successfully finished running the schedule is displayed.
Deleting Schedules
Open the Cloud Key Manager application.
In the left pane, click Schedules. The list of available schedules is displayed.
Click the overflow icon () corresponding to the desired schedule and click Delete Schedule. The Delete Schedule message is displayed.
Click Delete Schedule.
A message Successfully deleted schedule is displayed on the screen.