After you have created a cryptographic specification, you can configure the lifecycle actions for the keys in your instance.

Before you begin

Role required: sn_kmf.admin

Procedure

  1. Navigate to Key Management > Cryptographic Modules > All.
  2. Select the cryptographic module to configure the lifecycle of a key.
  3. Click a key alias on the Crypto Specifications tab.
    The Algorithm Definition form opens for the selected key.
    Shows how to select a key from the lifecycle definition.
  4. Click Next.
    The Field Lifecycle Template loads. Default Key Lifecycle values are created based on the selected algorithms for the defined crypto specification.
  5. Select a Key Lifecycle from the Applies to column on the Lifecycle Definition step for the crypto specification.
    Table 1. Key Lifecycle fields
    FieldDescription
    Applies to Selected key that the lifecycle applies to.
    For field Select the type of control for the key that the lifecycle applies to.
    Figure 1. Key lifecycle management "For field" values
    Shows the values in the "For field."
    Type Select if the valuation for the key lifecycle is a relative value or an absolute value:
    • Relative: Enter a value that depends on other data entries in the system, such as key generation, activation, and deactivation.
    • Absolute: Enter an exact value, such as a date.
    Lifecycle default Read only. Displays a value if set.
    Order Enter the sequence in which to process the key lifecycle state for the crypto specification.
    Relative duration type Duration of the lifecycle: Years, Months, or Days.
    Relative duration Number of years, months, or days the key is valid.
    Relative operation Beforeor After.
    Relative to Field the duration is relative to. Displays if a relative duration or operation is selected.
    Shows the values of the "Relative to" list.