User's Guide: Key Move

  • Updated on May 28, 2025
  • Published on Jun 27, 2024
  • 2 minute(s) read
Prev Next

1.0 Introduction

This article describes the steps to move a key from one Fortanix-Data-Security-Manager (DSM) group to another, thereby modifying the group that the key belongs to.

2.0 Move Key

The Key Move feature of Fortanix DSM will allow users to move a Security-object from a standard Fortanix DSM will allow users to move a security object from one standard Fortanix DSM group to another.

The following actions will happen as part of the key move operation:

  • The key will be moved from the source group to the target group: The new key retains the same key material as the original key.

  • The key links will remain with the source group and are not transferred to the target group. You must update the key links to reference the new group where the key material now resides.

  • The Key Rotation Policy is transferred to the target group along with the key.

NOTE

  • The key move operation is applicable only for keys in Fortanix DSM groups.

  • It supports all the key types.

  • Keys can be moved only between two Fortanix DSM groups.

  • The key must comply with the target group’s  Cryptographic-policy for the move to be successful.

  • You must have “write” access to both the source and target groups to perform the key move operation.

  • A key can be moved in any state except the DELETED state.

  • If a quorum policy is associated with the source group, it will be enforced during the move. Otherwise, the group change is immediate.

  • If the key is moved to a group with a different Key undo policy, the target group’s policy will apply.

  • If the target group has no Key undo policy, the existing policy from the source group remains in the source group.

  • Users, apps, and plugins of the source group will no longer have access to the key after it is moved to the target group.

Perform the following steps to move a key:

  1. Go to the detailed view of a security object and in the INFO tab, click CHANGE GROUP under the Group section to initiate the key move operation.

    Figure 1: Initiate key move

  2. In the CHANGE GROUP dialog box, Select destination group to which you want to move the key to.

  3. Select the check box to confirm your understanding about the action.

  4. Click SAVE to move the key to the new group.

    Figure 2: Change group

Related articles