User's Guide: Copy Key


This article describes the Fortanix Data Security Manager (DSM) Copy Key operation that can be performed on a Security Object.

Copy Key

The copy key feature will copy a security object from a standard Fortanix DSM group to another standard group. This feature has the following advantages:

  • It maintains a single source of key material by using/importing that key with other Fortanix DSM groups. This allows applications in respective groups to use a single key to meet some business objectives.
  • It maintains a link to copies of the original key material for audit and tracking purposes.

The following actions will happen as part of the copy key operation:

  • A new key will be created in the target group: The new key will have the same key material as the original key.
  • The Source key links to the copied keys: A link will be maintained between all copied keys and the source key.

The Source key will also have basic metadata-based information about the linked keys such as:

  • Copied by <user-name/app id>
  • Date of Copy <time stamp>
  • Target copy group name
The name of the copied key is suggested automatically to the user as [original key name]_[copy1,2,...], but can be replaced with an alternative unique name.

To copy a key:

  1. Go to the detailed view to a key and click the Add plus.png NEW OBJECT button on the far right of the screen. Copy_Key1.png Figure 1: Initiate Copy key
  2. In the menu that opens, click the COPY KEY button. Copy_Key2.png Figure 2: Click copy key
  3. In the COPY KEY window, you may update the name of the key by clicking on the pencil pencil.png icon. Copy the new key to a group/groups from the GROUP section. To filter only HSM/External KMS groups, select Import key to HSM/External KMS option. Copy_Key3.png Figure 3: Edit key name and edit group details
  4. Click EDIT PERMISSIONS if you want to modify the permissions of the key. Copy_Key4.png Figure 4: Assign new key to a group
  5. Click CREATE COPY to create a copy of the key as shown in the figure above.
  6. If there is a Quorum policy configured in the source group that contains the original key, then a quorum approval request is created. Only after the request is approved the copy key operation will be successful.
  7. The source key will now appear as a key link in the KEY LINKS tab in the detailed view of the copied key. Copy5.png Figure 5: Key link created


Please sign in to leave a comment.

Was this article helpful?
0 out of 0 found this helpful