Configure encryption keys Edge Encryption provides the tools to manage encryption keys without taking the proxy offline. Before you beginRole required: security-adminBefore setting up new encryption keys on the instance, you must do the following. Create the new encryption key. Make the new key available to all encryption proxies. This could be copying the file or Java KeyStore file to each proxy, or ensuring that each proxy has access to the Java KeyStore or NAE device. About this taskKey aliases must be unique. Each key alias must have the same key size and type on each proxy, or the key cannot be assigned as the default. Procedure Navigate to Edge Encryption Configuration > Encryption Key Configuration > Set Up Keys The Encryption Key Configuration - Created form is shown. Add new keys Rows in the list with an X in the left column can be deleted. Keys that have been used as the default, or are in the Available state cannot be deleted. In the row that says Insert a new row... double-click. An edit box is shown. Enter a name for the key, then click the check mark. Key aliases are lowercase letters and numbers. Capital letters are changed to lowercase letters when you click Submit. Key aliases must be unique. In the same row, double-click in the Key size column. A select box is shown. Select a key size, either 128 bits or 256 bits, then click the check mark. In the same row, double-click in the Type column. A select box is shown. Select a key type, either File, Keystore, or SafeNet, then click the check mark. When you are done adding keys, click Next Step. You must specify an alias, key size, and key type for each key before moving on. The form moves to the Key Status step. When the key status becomes Available, click Next Step. When a key alias is available on all proxies, its state becomes Available. If, after a few minutes, the state does not change, check to ensure the key is available on all proxies. If the state remains Unavailable, one or more of the proxies does not have the key alias. On the Change Default Keys tab, either type in the key alias, or click the spy glass icon and select an alias, and then click Next Step. The form moves to the Schedule Key Rotation step. If desired, create and run a mass encryption job to encrypt existing data using the new encryption key. If you do not run a mass encryption job, existing data remains encrypted with the old key until the data is accessed again.