Scheduling Operations
CCKM allows you to periodically refresh keys, rotate keys, or add KMS containers in the background. To do so, you need to create a schedule configuration. A schedule configuration defines when to run a refresh, rotation, or KMS container job. You can use either the basic or cron format to specify when the rotation, refresh, or KMS container job will run.
Specify basic format in the following order:
[Repeats, at]
Where,
- Repeats: frequency of the scheduler. Possible values are daily, weekly, monthly, and yearly.
- at: specific time at which the rotation or refresh operation will be performed. Possible value lies between 12:00-11:00 AM/PM UTC.
Specify cron format in the following order:
"* * * * *"
These five values indicate when the job should be executed. These values are mandatory and must be specified in order of minute, hour, day of month, month, and day of week.
The following table lists the accepted values:
Field | Allowed values | Allowed special characters |
---|---|---|
Minute | 0-59 | * / , - |
Hour | 0-23 | * / , - |
Day of month | 1-31 | * / , - ? |
Month | 1-12 or JAN-DEC | * / , - |
Day of week | 0-6 or SUN-SAT | * / , - ? |
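The field rules in the table above can be checked before a value is entered in the Raw (Cron) field, so that a rotation schedule is not left with an expression that does not say what was intended. The following is an added example, not CCKM code: the function names are illustrative, and the step and range syntax is assumed to follow common cron conventions, which the CCKM parser may apply differently.

```python
MONTHS = "JAN FEB MAR APR MAY JUN JUL AUG SEP OCT NOV DEC".split()
DAYS = "SUN MON TUE WED THU FRI SAT".split()
# (field name, min, max, accepted names, '?' allowed), in the order the page requires
FIELDS = [
    ("minute", 0, 59, {}, False),
    ("hour", 0, 23, {}, False),
    ("day of month", 1, 31, {}, True),
    ("month", 1, 12, {n: i + 1 for i, n in enumerate(MONTHS)}, False),
    ("day of week", 0, 6, {n: i for i, n in enumerate(DAYS)}, True),
]

def _value(token, lo, hi, names):
    # A name (JAN, SUN) or an in-range integer; anything else is rejected.
    if token.upper() in names:
        return names[token.upper()]
    if not (token.isascii() and token.isdigit() and lo <= int(token) <= hi):
        raise ValueError(f"{token!r} is not a value in {lo}-{hi}")
    return int(token)

def _check_field(text, lo, hi, names, allow_q):
    if text == "?" and allow_q:
        return
    for part in text.split(","):
        base, slash, step = part.partition("/")
        # Assumption: a step is a positive integer after '*', a value, or a range.
        if slash and not (step.isascii() and step.isdigit() and int(step) > 0):
            raise ValueError(f"bad step in {part!r}")
        if base == "*":
            continue
        start, dash, end = base.partition("-")
        first = _value(start, lo, hi, names)
        if dash and _value(end, lo, hi, names) < first:
            raise ValueError(f"range {base!r} is reversed")

def validate_cron(expr):
    """Return a list of problems; an empty list means the expression is well formed."""
    parts = expr.split()
    if len(parts) != 5:
        return [f"expected 5 fields, got {len(parts)}"]
    errors = []
    for text, (name, lo, hi, names, allow_q) in zip(parts, FIELDS):
        try:
            _check_field(text, lo, hi, names, allow_q)
        except ValueError as exc:
            errors.append(f"{name}: {exc}")
    return errors

if __name__ == "__main__":  # constructed samples, not from a CCKM deployment
    print({s: validate_cron(s) for s in ("0 2 * * SUN", "60 2 * * *", "0 ? 1 * *")})
```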
Adding Key Rotation Schedule
A key rotation schedule replaces selected keys with new cryptographic keys at the specified time.
To add a key rotation schedule:
- Open the Cloud Key Manager application.
- In the left pane, click Schedules. The list of available schedules is displayed.
- Click Add Schedule. The Add New Schedule wizard is displayed.
- Select Schedule Type as Key Rotation.
- Click Next.
- On the General Info screen, enter or select the following details:
  - Enter a unique Scheduler Name.
  - Select Google from the Cloud Name drop-down list.
  - Add Description for the scheduler in a maximum of 250 characters.
  - Select Enable Schedule to enable the schedule.
  - Click Next.
- On the Schedule Config screen, enter or select the following details.
  - Configure DURATION for the scheduler. Specify the schedule start and end time:
    - Schedule Starts: Specify time when the schedule starts.
    - Schedule Ends: Unavailable by default, that is, the scheduler never expires.
    - Never: Selected by default, that is, the scheduler configuration never expires.
      To set an end time for the scheduler, clear the Never check box, and specify the Scheduler Ends time.
  - Configure FREQUENCY of the scheduler. The frequency determines how often the scheduler will rotate keys. Select either Basic or Raw (Cron) format to specify the value.
  - Click Save.
A message Schedule successfully created is displayed on the screen. The newly created schedule is displayed in the schedules list.
Adding Key Refresh Schedule
A key refresh schedule synchronizes keys from linked Google Cloud accounts to Cloud Key Manager.
To add a key refresh schedule:
- Open the Cloud Key Manager application.
- In the left pane, click Schedules. The list of available schedules is displayed.
- Click Add Schedule. The Add New Schedule wizard is displayed.
- Select Schedule Type as Key Refresh.
- Click Next.
- On the General Info screen, enter or select the following details:
  - Enter a unique Scheduler Name.
  - Select Google from the Cloud Name drop-down list.
  - Add Description for the scheduler in a maximum of 250 characters.
  - Select Enable Schedule to enable the schedule.
  - Click Next.
- On the Schedule Config screen, enter or select the following details.
  - Configure DURATION for the scheduler. Specify the schedule start and end time:
    - Schedule Starts: Specify time when the schedule starts.
    - Schedule Ends: Unavailable by default, that is, the scheduler never expires.
    - Never: Selected by default, that is, the scheduler configuration never expires.
      To set an end time for the scheduler, clear the Never check box, and specify the Scheduler Ends time.
  - Configure FREQUENCY of the scheduler. The frequency determines how often the scheduler will refresh keys. Select either Basic or Raw (Cron) format to specify the value.
  - Click Next.
- On the Add Key Rings screen:
  - Select the desired key ring from the Refresh Keys from Selected Key Ring(s) drop-down list.
  - Click + button. Similarly, you can add more key rings. To remove an added key ring, click the close (X) icon in the name of the added key ring.
    Alternatively, if you want to refresh all the existing key rings, select the Refresh All Key Rings check box. When selected, the Refresh Keys from Selected Key Ring(s) field becomes unavailable.
  - Click Save.
A message Schedule successfully created is displayed on the screen. The newly created schedule is displayed in the schedules list.
Automatic Cloud Key Discovery
A KMS container schedule automatically detects the KMS containers based on the Google Cloud connection and adds them to the CipherTrust Cloud Key Manager.
Adding a KMS container (vault or subscription) to CCKM consumes one CCKM purchased service
To add a KMS container schedule:
- Open the Cloud Key Manager application.
- In the left pane, click Schedules. The list of available schedules is displayed.
- Click Add Schedule. The Select Schedule Type screen of the Add New Schedule wizard is displayed.
Schedule Type
- Select Schedule Type as Add KMS Container.
- Click Next. The General Info screen is displayed.
General Info
- Enter a unique Scheduler Name.
- Select Google from the Cloud Name drop-down list.
- (Optional) Add Description for the scheduler in a maximum of 250 characters.
- (Optional) Select Enable Schedule to enable the schedule.
- Select a Define Job Type. You can select either Discover Only or Discover and Add.
  Note
  Discover Only lists all the discovered containers. Discover and Add adds all the discovered containers to the CCKM.
- Click Next. The Connection & ACL Info screen is displayed.
- Select a Connection.
- (Optional) Enable or disable Success Audit Event.
- In the ACCESS CONTROL section.
  - Click Assign User/Group. The Assign User/Group dialog box is displayed.
  - Select the desired user or group from the User/Group drop-down list.
  - Click Save. The newly added user/group is displayed under Name in the ACCESS CONTROL section.
  - Grant the permissions to the user/group, as appropriate.
    Granting additional permissions
    To grant the additional permissions, select the check box under the desired operation corresponding to the desired users or groups. The following permissions can be granted.
    - View Keys, Add Key, Edit / Disable / Enable, Synchronize, Upload
    - Schedule Destroy, Cancel Destroy
    To remove a permission, clear the check box under the desired operation.
  - Remove a user or group.
    - Under Unassign, click X corresponding to the desired user/group. The Remove Group dialog box is displayed.
    - Click Remove.
- Click Next. The Schedule Config screen is displayed.
- Configure DURATION for the scheduler. Specify the schedule start and end time:
  - Schedule Starts: Specify time when the schedule starts.
  - Schedule Ends: Unavailable by default, that is, the scheduler never expires.
  - Never: Selected by default, that is, the scheduler configuration never expires.
    To set an end time for the scheduler, clear the Never check box, and specify the Scheduler Ends time.
- Configure FREQUENCY of the scheduler. The frequency determines how often the scheduler will rotate keys. Select either Basic or Raw (Cron) format to specify the value.
- Click Save.
  A message Schedule successfully created is displayed on the screen. The newly created schedule is displayed in the schedules list.
Viewing/Editing Schedules
To view/edit a schedule:
- Open the Cloud Key Manager application.
- In the left pane, click Schedules. The Schedules page displays the following details:
Field | Description |
---|---|
Name | Unique name of the scheduler configuration. |
Schedule Type | Type of the schedule. Possible types are: Key Rotation, Key Refresh, Add KMS Container (GCP and Azure only). |
Cloud Name | Name of the cloud. |
Last Modified | Time when the schedule is modified. |
Frequency | Frequency of the scheduler configuration. |
Start Date | Creation time of the scheduler configuration. |
End Date | Expiry time of the scheduler configuration. Never is displayed if the schedule is set to never expire. |
Status | Status of the scheduler configuration. Possible values are: Enabled, Disabled. |
- Click the overflow icon corresponding to the desired schedule and click View/Edit.
  Alternatively, click the Name link corresponding to the desired schedule.
- Edit or configure the following fields:
  - Optional, basic description of the schedule.
  - Status of the scheduler configuration. Select Enable Schedule to enable the schedule, clear to disable.
  - (For KMS Container schedule) Define Job Type.
  - CONNECTION & ACL INFO details, refer to the add KMS container Connection & ACL Info section.
  - Scheduler configuration parameters such as duration, frequency, and expiry time of the key. Refer to the key rotation Schedule Config screen, key refresh Schedule Config screen, or KMS container Schedule Config screen for details, as appropriate.
- Click Update to save the changes.
JOB HISTORY
The Schedules page also contains a section named JOB HISTORY. The JOB HISTORY section displays information related to a job such as Run Date, Job ID, Status, and Errors. Every time a schedule is run, a Job is created.
- The Add KMS Container Schedule section allows you to download the CSV report containing the list of Key Rings or Projects.
  To download the report, click the overflow icon corresponding to the desired schedule and click Download Key Rings Only or Download Projects Only.
- To view the details of the job, click the Job ID link corresponding to the desired job. The Job details page is displayed. It shows the list of Key Rings and Projects associated with the job along with their details.
  To download the reports of Key Rings and Projects, go to the top left of the Job details page, click Download, and select a report from the drop-down menu. The options are Key Rings Only, Projects Only, and Key Rings and Projects.
Note
You can download the report after the schedule has run successfully.
Disabling Schedules
To disable a schedule configuration:
- Open the Cloud Key Manager application.
- In the left pane, click Schedules. The list of available schedules is displayed.
- Click the overflow icon corresponding to the desired schedule and click Disable. The Disable Schedule message is displayed.
- Click Disable Schedule.
A message Successfully disabled the schedule is displayed on the screen.
Enabling Schedules
To enable a schedule configuration:
- Open the Cloud Key Manager application.
- In the left pane, click Schedules. The list of available schedules is displayed.
- Click the overflow icon corresponding to the desired schedule and click Enable. The Enable Schedule message is displayed.
- Click Enable Schedule.
A message Successfully enabled the schedule is displayed on the screen.
Manually Running Schedules
To manually run a schedule:
- Open the Cloud Key Manager application.
- In the left pane, click Schedules. The list of available schedules is displayed.
- Click the overflow icon corresponding to the desired schedule and click Run Now.
The Run Now schedule is started in the background. A message Schedule is running now. It will take a few seconds to finish. is displayed on the screen. After the schedule is run successfully, a message Successfully finished running the schedule is displayed.
Deleting Schedules
- Open the Cloud Key Manager application.
- In the left pane, click Schedules. The list of available schedules is displayed.
- Click the overflow icon corresponding to the desired schedule and click Delete Schedule. The Delete Schedule message is displayed.
- Click Delete.
A message Successfully deleted schedule is displayed on the screen.