Refresh Cached Keys

To cached keys can be refreshed using following options:

Auto refresh

Auto refresh feature allows you to automatically refresh the cached key using the Symmetric_Key_Cache_AutoRefresh_Interval parameter. It is the time after which the cached key becomes eligible for refresh. The actual refresh operation occurs only when a cached key is queried from the cache before the key expires. It can be specified in any time unit; the default is seconds. If the eligible key is not queried from the symmetric cache, it is removed from the cache after its expiry.

A key is said to be queried, if it is retrieved from the symmetric/asymmetric cache. For example, during cipher initialization, a key is retrieved from the cache.

If the auto refresh operation fails, the cached key again becomes eligible for auto refresh after the Symmetric_Key_Cache_AutoRefresh_Interval has passed.

Example

If Symmetric_Key_Cache_Expiry = 500 seconds and Symmetric_Key_Cache_AutoRefresh_Interval = 200 seconds, the cached key becomes eligible for refresh after 200 seconds. If the cached key is queried between 200 and 500 seconds, the cached key is refreshed in the cache, otherwise, the cached key is removed from the cache after its expiry.

Refresh using API

The session.refreshCache() API allows you to refresh the cache keys. The following code snippet shows its usage:

NAESession session = NAESession.getSession("userName", "password".toCharArray());
session.refreshCache("keyName");

The key name is passed to the API. The API exports the key from Key Manager and stores the refreshed key in the persistent and symmetric cache.

If Key Manager is unreachable and the persistent cache is enabled, then the keys will be refreshed from the persistent cache.

To use the refreshed key, it must first be queried from the cache.

Refresh private key

To refresh private key, $$private must be suffixed to the key name. For example:

session.refreshCache(keyName + "$$private");