Fortanix Data Security Manager (DSM) does support the expiry of security objects, including SECRET type. You can set the expiry for a future date or you can expire an object immediately. On expiry/deactivation, the object goes into the "Deactivated" state.
NOTE
- In a deactivated state, a key cannot be used to apply cryptographic protection (for example, encryption, signing, wrapping, MACing, deriving). The key can only be used to process cryptographically protected information (for example: decryption, signature verification, unwrapping, MAC verification).
- In a deactivated state, a SECRET value can no longer be fetched. You will not be able to get the value of this object if it is expired/deactivated.
Comments
Please sign in to leave a comment.