> Software > CommCell Configuration > Security > Managing a Key Management Server > Adding a Key Management Server

Adding a Passphrase Key Management Server

You can add or modify a passphrase key management server from the Command Center.

Functioning of Passphrase Key Management Server

The Key Encryption Key (KEK) is encrypted using a user-defined passphrase. This passphrase is itself encrypted and saved to a file at the user-specified export location. The passphrase is not stored in the CommServe database. As a result, if the CommServe database is compromised, the passphrase - and consequently the KEK, Data Encryption Key (DEK), and associated data - remain protected.

During read and write operations, the passphrase is required to decrypt the KEK. To avoid prompting the user repeatedly, the system retrieves the encrypted passphrase from the export location and uses it as needed.

Notes

  • Though the system exports the passphrase to the export locations, there can be loss of passphrase file due to corruption or system crash. Passphrase is mandatory to restore the data. So, we recommend you to store or record the passphrase in a secure location to avoid data loss.

  • If you configure the CommServe LiveSync feature in the CommCell environment and the passphrase is exported to the CommServe client, then you must export the passphrase to the SQL clients of all nodes instead of exporting to CommServe client. The export of the passphrase to all clients ensures that the passphrase is available on all the nodes.

Procedure

  1. From the navigation pane, go to Manage > Security.

    The Security page appears.

  2. Click the Key management servers tile.

    The Key management servers page appears.

  3. Click Add at the top right, and then select Passphrase.

    The Add Passphrase dialog box appears.

  4. Enter the following values:

    • Name: Enter the name of the key provider.

    • Encryption key length: Select the key length to use with the Advanced Encryption Standard (AES) cipher.

    • Passphrase: Enter the passphrase.

  5. To add a client export location to store the passphrase, complete the following steps:

    1. Under Export location, click Add.

      The Add Location window appears.

    2. From the Client list, select the client.

    3. For Path, browse and select the path.

    4. Click Add.

      Note

      You must add at least two export locations.

  6. Click Submit.

×

Loading...