Rotating configuration encryption keys - PingFederate - 11.0

PingFederate Server

bundle
pingfederate-110
ft:publication_title
PingFederate Server
Product_Version_ce
PingFederate 11.0
category
Product
pf-110
pingfederate
ContentType_ce

You can use the PingFederate administrative console to rotate configuration encryption keys.

To maintain security, you should regularly rotate the configuration encryption keys. Rotating keys involves generating a new key and making it the new primary key. PingFederate will use the new primary key to encrypt sensitive information.

To rotate configuration encryption keys:

  1. In the administrative console, go to Security > Certificate & Key Management > Configuration Encryption Keys.
  2. Click Rotate.

    PingFederate generates a new key, inserts it into the top of the pf.jwk file, and displays it at the top of the Configuration Encryption Keys window.

After you rotate the configuration encryption keys, you should use the configkeymgr utility to re-encrypt information that was encrypted with previous keys.