You can use the PingFederate administrative console to rotate configuration encryption keys.
To maintain security, you should regularly rotate the configuration encryption keys. Rotating keys involves generating a new key and making it the new primary key. PingFederate will use the new primary key to encrypt sensitive information.
To rotate configuration encryption keys:
After you rotate the configuration encryption keys, you should use the configkeymgr utility to re-encrypt information that was encrypted with previous keys.