This article describes the Fortanix Data Security Manager (DSM) Copy Key operation that can be performed on a Security Object.
2.0 Copy Key
The copy key feature will copy a security object from a standard Fortanix DSM group to another standard group. This feature has the following advantages:
- It maintains a single source of key material by using or importing that key in other Fortanix DSM groups. This allows applications in the respective groups to use a single key to meet business objectives.
- It maintains a link to copies of the original key material for audit and tracking purposes.
The following actions will happen as part of the copy key operation:
- A new key will be created in the target group: The new key will have the same key material as the original key.
- The Source key links to the copied keys: A link will be maintained between all copied keys and the source key.
The Source key will also have basic metadata-based information about the linked keys such as:
- Copied by <user-name/app id>
- Date of Copy <time stamp>
- Target copy group name
Perform the following steps to copy a key:
- Go to the detailed view of a key and click the Copy Key button on the right of the screen
- In the COPY KEY window, you may update the name of the key by clicking the pencil icon. Copy the new key to a group/groups from the GROUP section. To filter only HSM/External KMS groups, select the Import key to HSM/External KMS option.
  Figure 1: Edit key name and edit group details
- Click EDIT PERMISSIONS if you want to modify the permissions of the key.
  Figure 2: Set deactivation date
- Add Deactivation Date: The deactivation date of the security object can be set to 'Never' or to a specified time in the future. To specify the deactivation date, click EDIT.
- Click CREATE COPY to create a copy of the key.
- If a Quorum policy is configured in the source group that contains the original key, a quorum approval request is created. The copy key operation succeeds only after the request is approved.
- The source key will now appear as a key link in the KEY LINKS tab in the detailed view of the copied key.
  Figure 3: Key link created
3.0 Create New AES Key
Fortanix DSM allows you to create a new AES key with settings similar to those of the currently available key.
Perform the following steps:
- Go to the detailed view of a key and click the button on the right of the screen.
- On the Add New Security Object window, enter the name of the security object in the New Security Object field.
- You can update the existing values in the sections as required.
- After you have updated the values, click the Generate button at the bottom of the screen.
The new AES key is generated in Fortanix DSM.