This article describes the Fortanix Self-Defending KMS Copy Key operation that can be performed on a Security Object.
The copy key feature will copy a security object from a standard Fortanix Self-Defending KMS group to another standard group. This feature has the following advantages:
- Maintains a single source of key material while using/importing that key across various Fortanix self-Defending KMS groups where applications in respective groups may need to use a single key to meet some business objectives.
- Maintains a link of various copies of the same key material to the source key for audit and tracking purposes.
The following actions will happen as part of the copy key operation:
- A new key will be created into the target group: The new key will have the same key material as the original key.
- The source key links to the copied keys: There will be a link maintained from all copied keys to the source key.
The Source key will also have basic metadata-based information about the linked keys such as:
- Copied by <user-name/app id>
- Date of Copy <time stamp>
- Target copy group name
NOTE: The name of the copied key is suggested automatically to the user as [original key name]_[copy1,2,...], but can be replaced with an alternative unique name.
To copy a key:
- Go to the detailed view to a key and click the Add icon on the far right of the screen.
Figure 1: Initiate Copy key
- In the menu that opens, click the COPY KEY button.
Figure 2: Click copy key
- In the COPY KEY window, update the name of the key if required. By default, the key will be assigned to the same group as the source key. To update the group, click the EDIT button.
Figure 3: Edit key name and edit group details
- Now click EDIT GROUP to select a group for the new key from the list of groups or create a new group. Click EDIT PERMISSIONS if you want to modify the permissions of the key.
Figure 4: Assign new key to a group
- Click CREATE COPY to create a copy of the key as shown in the figure above.
- The source key will now appear as a key link in the KEY LINKS tab in the detailed view of the copied key.
Figure 5: Key link created