Rotating Master Keys in a CommCell Environment

You can use the Rotate encryption master keys workflow to rotate master keys. This operation revokes the current master key and generates a new master key with the key management server. The workflow rotates both the CommCell-level password encryption master key and the Storage Pool-level data encryption master key.

If you want to perform a one-time key rotation, run the workflow manually once.

To enable periodic key rotation (for example, every 90 days), set the key rotation interval to 90 days and schedule the workflow to run daily. In this configuration, the workflow runs every day, checks for keys older than 90 days, and automatically rotates them.

Before You Begin

  • You must turn off the automatic key rotation option available with the KMS provider.

  • Import the Rotate encryption master keys workflow from the Commvault Store, and then deploy the workflow. For instructions, see Managing Workflows.

Procedure

  1. From the Command Center navigation pane, go to Manage > Workflows.

    The Forms page appears.

  2. Execute the workflow based on your requirement:

    • To perform a one-time key rotation:

      1. Click the Rotate encryption master keys workflow.
        The Rotate encryption master keys dialog box appears.
      2. In the Key Rotation Interval (in days) box, specify the interval for rotating the master keys.
      3. Click OK.
    • To enable periodic key rotation:

      1. For the Rotate encryption master keys workflow, click the drop-down arrow, and then click Create Schedule.
        The Rotate encryption master keys dialog box appears.
      2. On the Inputs page, in the Key Rotation Interval (in days) box, specify the interval for rotating the master keys.
      3. Click Next.
      4. On the Schedule page, configure the schedule for workflow execution.
      5. Click Submit.
