Encryption Key Rotation
- Updated on 13 Jun 2023
Feature | |
---|---|
Introduced in Version | 6.8.64500 |
Last Modified in Version | 8.10. |
Location | System > Encryption |
Overview
To support PCI and SOC compliance, data stored within Decisions can be encrypted using a rotating encryption key. This prevents data from being compromised if a key is lost or stolen.
Accessing Key Rotation
To view the Key Rotation History, navigate to System > Administration > Encryption. The Key Rotation dashboard will appear, displaying the rotation history.
What is unaffected/unchanged by Key Rotation?
Cached data will not be affected by rotating Encryption Keys.
In addition, data that cannot be updated/decrypted during this process will:
- Become a task assigned to the admin group for review.
- Be recorded in an encryption_key_change_issue table within the Decisions database with the following columns:
  - Source datatype Table
  - Source datatype ID
  - Field Name
  - Data
  - Date Time
  - Current Key
Changing Keys
In order to start rotating encryption keys:
- Select the Start Encryption Key Rotation action on the Key Rotation dashboard.
- A popup will appear. Confirm that the key will be rotated.
If the rotation is successful:
- The Rotation Status is set to Complete.
- The old keys.dat is moved to the archive/Keys.dat.MMddYYYY folder within the Decisions folder tree.
- NewKeys.dat becomes the new keys.dat file.
For clustered environments, the updated encryption keys will be sent to other nodes within the cluster.
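The following is an added example, not part of the Decisions documentation or product code: a Python audit helper that reads the archive/Keys.dat.MMddYYYY entries described above to recover past rotation dates and flag an overdue rotation. The root path argument, the 365-day default threshold and the sample folder tree are assumptions made for illustration.

```python
import re
import tempfile
from datetime import date, datetime
from pathlib import Path

# Archive entries are named Keys.dat.MMddYYYY (month, day, 4-digit year).
ARCHIVE_NAME = re.compile(r"^keys\.dat\.(\d{8})$", re.IGNORECASE)

def archived_rotation_dates(decisions_root):
    """Return (sorted rotation dates, unparseable entry names) from archive/."""
    dates, rejected = [], []
    archive = Path(decisions_root) / "archive"
    if not archive.is_dir():
        return dates, rejected
    for entry in archive.iterdir():  # entry may be a file or a folder
        match = ARCHIVE_NAME.match(entry.name)
        if not match:
            continue
        try:
            # MMddYYYY does not sort chronologically as text, so parse it.
            dates.append(datetime.strptime(match.group(1), "%m%d%Y").date())
        except ValueError:
            rejected.append(entry.name)
    return sorted(dates), sorted(rejected)

def rotation_overdue(decisions_root, today, max_age_days=365):
    """True when the newest archived key is older than max_age_days (assumed policy)."""
    dates, _ = archived_rotation_dates(decisions_root)
    if not dates:
        return True  # no evidence of any rotation
    return (today - dates[-1]).days > max_age_days

def build_sample_tree():
    """Constructed sample layout, not taken from a real installation."""
    root = Path(tempfile.mkdtemp())
    (root / "archive").mkdir()
    (root / "keys.dat").write_bytes(b"")
    for name in ("Keys.dat.12312022", "Keys.dat.06132023", "Keys.dat.13452023"):
        (root / "archive" / name).mkdir()
    return root

if __name__ == "__main__":
    root = build_sample_tree()
    dates, rejected = archived_rotation_dates(root)
    print("rotations:", [d.isoformat() for d in dates])
    print("unparseable:", rejected)
    print("overdue:", rotation_overdue(root, date(2023, 12, 1), max_age_days=90))
```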
If the encryption is unsuccessful, the following will occur:
- The status message on the Keys dashboard will be updated to Rotation Not Available: Encryption Issues Exist.
- The Encryption Issues Report will be updated, displaying the cause for failure.
- All issues must be resolved in order for key rotation to continue.
Dashboards
The following section lists the different dashboards and reports available under the System > Encryption folder.
Feature | Description |
---|---|
Key Rotation | The main dashboard displayed when navigating to Encryption > Key Rotation. Displays a list of activities involving Key rotation. |
Keys | A Report that displays the list of active encryption keys within Decisions. |
Encryption Issues | A Report detailing a list of encryption issues that are preventing encryption keys from being rotated. |
Issue Resolution History | A report detailing what actions were taken to resolve issues that had appeared when attempting to encrypt keys for the environment. |
Status
The following section lists common status messages for the encryption process.
Status | Description |
---|---|
Key Rotation is Available | This status means that key rotation is available, and can be run. We recommend that this is done during a maintenance window. |
Rotation Not Available: Encryption Issues Exist | There are issues with encrypted data, or a previous key rotation appears to be in progress. This will prevent the encryption keys from being rotated until all issues are resolved. |
Complete | The encryption key has been successfully rotated. No further actions are necessary. |