Rotating configuration encryption keys - PingFederate

Rotating configuration encryption keys - PingFederate - 11.1

PingFederate Server

bundle

pingfederate-111

ft:publication_title

PingFederate Server

Product_Version_ce

PingFederate 11.1

category

Administrator

Audience

Capability

DeploymentMethod

Product

SingleSignonSSO

Software

SystemAdministrator

pf-111

pingfederate

ContentType_ce

You can use the PingFederate administrative console to rotate configuration encryption keys.

To maintain security, you should regularly rotate the configuration encryption keys. Rotating keys involves generating a new key and making it the new primary key. PingFederate will use the new primary key to encrypt sensitive information.

To rotate configuration encryption keys:

In the administrative console, go to Security > Certificate & Key Management > Configuration Encryption Keys.
Click Rotate.

PingFederate generates a new key, inserts it into the top of the pf.jwk file, and displays it at the top of the Configuration Encryption Keys window.

After you rotate the configuration encryption keys, you should use the configkeymgr utility to re-encrypt information that was encrypted with previous keys.