Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

Tasks

Master Key Rotation

search

Master Key Rotation

You can rotate the Master Key using any of the following two methods:

Without Key Caching

  1. Open CADP_PKCS11.properties file and ensure that Symmetric_Key_Cache_Enabled property is set to no.

    Symmetric_Key_Cache_Enabled=no

  2. Open the wallet.

    ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY "<cm_user:cm_user_password>";

  3. Rotate the Master Encryption Key.

    ADMINISTER KEY MANAGEMENT SET KEY IDENTIFIED BY "<cm_user:cm_user_password>";

    OR

    ADMINISTER KEY MANAGEMENT SET ENCRYPTION KEY FORCE KEYSTORE IDENTIFIED BY "<cm_user:cm_user_password>";

With Key Caching

  1. Open CADP_PKCS11.properties file and ensure that Symmetric_Key_Cache_Enabled property is set to yes.

    Symmetric_Key_Cache_Enabled=yes

  2. From the CipherTrust Manager UI, make the MEK as exportable.

  3. Restart the database and open the wallet.

    ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY "<cm_user:cm_user_password>";

  4. Rotate the master encryption key using any of the following commands.

    ADMINISTER KEY MANAGEMENT SET KEY IDENTIFIED BY "<cm_user:cm_user_password>";

    OR

    ADMINISTER KEY MANAGEMENT SET ENCRYPTION KEY FORCE KEYSTORE IDENTIFIED BY "<cm_user:cm_user_password>";

  5. From the CipherTrust Manager UI, make the newly generated key as exportable.

On this page