Key management You are responsible for providing and managing the encryption keys used by Edge Encryption. When obtaining and creating encryption keys to support the encryption types used by Edge Encryption, you should consider the following: Whether to use AES 128 or AES 256. You must define a default AES 128 encryption key even if it is not used. Whether to use file store, Java KeyStore, or NAE. When to rotate encryption keys. When and if to use a mass encryption job to re-encrypt data using the new key. Before removing a key from the proxy configuration files and the key store, decrypt all data on the instance that uses the key. You can do this by adding a new encryption key and scheduling a mass key rotation job.