1. Fortanix
  2. Fortanix Data Security Manager (DSM)
  3. How-to guides
  4. Key Management Service

User's Guide: Key Move

Last Updated: 

Introduction

This article describes the steps to move a key from one Fortanix Data Security Manager(DSM) group to another thereby modifying the group that the key belongs to.

Move Key

The Key Move feature of Fortanix DSM will allow the users to move a security object from a standard Fortanix DSM group to another standard Fortanix DSM group.

The following actions will happen as part of the key move operation:

  • The key will be moved from the source group to the target group: The new key will have the same key material as the original key.
  • The key links will remain with the source group and will not be moved to the target group when the key material is moved. Key links must be updated to use the new group that the key material resides in.
  • The Key Rotation Policy also moves to the target group along with the key.
NOTE
  • The key move operation is applicable for keys in Fortanix DSM groups only.
  • The key move operation is applicable for all the key types.
  • You can move keys only between two Fortanix DSM groups.
  • The key has to satisfy the target group’s cryptographic policy in order for the move to be successful.
  • You must have “write” access to both groups to perform the key move operation.
  • The key can be moved in any state except the DELETED state.
  • If there is a quorum policy associated with the source group, then it applies. Otherwise, group change is immediate.
  • If the key is moved to a group with a different Key Undo Policy, then the Key Undo Policy of the target group applies to the key.
  • If the key is moved to a group without a Key Undo Policy, then the existing Key Undo Policy of the source group stays in the source group.
  • The users, apps, and plugins of the source group will no longer have access to the key once the group is changed.

To move a key

  1. Go to the detailed view to a key. In the INFO tab, under the Group section, click CHANGE GROUP to initiate the key move operation. Key_move_change_group.pngFigure 1: Initiate key move
  2. In the CHANGE GROUP dialog:
    1. Select the destination group to move the key to.
    2. Select the check box to confirm that:
      1. The users, apps, and plugins will no longer have access to the key once the group is changed and key links will be lost.
    3. Click SAVE to move the key to the new group.
    Key_move_group_select.pngFigure 2: Change group

Comments

Please sign in to leave a comment.

Was this article helpful?
0 out of 0 found this helpful