Key rotations
Key rotations allow you to set up a cycle that rotates 2-10 keys and certificates. This enhances security by automatically changing keys after a predetermined period of time and after each signing, so that you never have multiple consecutive signings using the same key and certificate.
To identify a key rotation, navigate to DigiCert ONE > DigiCert® Software Trust Manager > Keypairs and look for Rotation in the Type column.
Note
Keypairs assigned to a key rotation are not listed and cannot be managed in the Keypairs tab in Software Trust Manager.
Create a key rotation
You require the Manage keypair permission to create a key rotation.
Sign in to DigiCert ONE.
Select the Manager menu (top right) > Software Trust.
Navigate to: Keypairs > Key rotations.
Select Create key rotation.
Complete the following fields:
Field | Description |
---|---|
Rotation name | Enter a name that easily identifies which rotation you are using. |
Team (this field displays when teams are enabled) | Select the team that should have access to this key rotation. Note: keypairs available for selection are limited to the keypairs assigned to the selected team. |
Select keypairs | Select between 2 and 10 keypairs to cycle during the rotation. Note: only production keypairs with a default certificate are available for selection. |
Rotation frequency | Determine how often the keys should rotate. |
Keypair status | Select Online to rotate keypairs that can be used to sign at any time. Select Offline to rotate keypairs that can only be used to sign during a release window. |
Access | Select Open to allow any user within your account access to the keypair rotation. Select Restricted to limit access to the keypair rotation to specified users, user groups, or teams. |
Allowed users | Select individual validated users that can use this key rotation. |
Allowed user groups | Select groups of users that can use this key rotation. |
View key rotation details
The key rotation details page lists the keypair rotation ID, the key rotation status, the date created, the keypair status, and the allowed users, groups, or teams. It also lists the keypairs and default certificates that are in rotation.
To view key rotation details:
Sign in to DigiCert ONE.
Select the Manager menu (top right) > Software Trust.
Navigate to: Keypairs > Key rotations.
Click on the keypair rotation alias.
Rotate key
You can manually rotate the keys in a key rotation from Software Trust Manager or from SMCTL.
Key rotations in signature logs
You can find signings using a key rotation by navigating to Logs > Signature logs and entering the rotation name in the filter keypair alias search field.
Sign in to DigiCert ONE.
Select the Manager menu (top right) > Software Trust.
Navigate to: Logs > Signature logs.
Identify the keypair alias column and enter the rotation alias into the filter field.
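The rotation rules described at the top of this page (2-10 member keypairs, and no two consecutive signings with the same key) can be audited against the signature logs you filter here. The following is an added example, not DigiCert code: it assumes you have exported the filtered signature-log rows to records with `time`, `rotation` and `keypair` fields (assumed names) and copied the member keypairs from the key rotation details page; the sample records are constructed.

```python
from datetime import datetime

# Constructed sample of signature-log records (assumed field names; this is not
# DigiCert's export format). Each record is one signing done under a rotation alias.
SAMPLE_LOG = [
    {"time": "2024-05-01T09:00:00", "rotation": "release-rotation", "keypair": "kp-alpha"},
    {"time": "2024-05-01T09:05:00", "rotation": "release-rotation", "keypair": "kp-beta"},
    {"time": "2024-05-01T09:07:00", "rotation": "other-rotation", "keypair": "kp-zulu"},
    {"time": "2024-05-01T09:10:00", "rotation": "release-rotation", "keypair": "kp-beta"},
    {"time": "2024-05-01T09:12:00", "rotation": "release-rotation", "keypair": "kp-gamma"},
    {"time": "2024-05-01T09:20:00", "rotation": "release-rotation", "keypair": "kp-omega"},
]

# Keypairs configured for the rotation, as listed on its key rotation details page
# (constructed values for this example).
RELEASE_ROTATION_MEMBERS = {"kp-alpha", "kp-beta", "kp-gamma"}


def audit_rotation(records, rotation, members):
    """Check the signings logged under `rotation` against the rotation rules.

    Returns a list of (record index, reason) findings. A rotation must have
    2-10 member keypairs, every keypair used must be one of those members, and
    no keypair may sign twice in a row, because the rotation advances after
    every signing.
    """
    if not 2 <= len(members) <= 10:
        raise ValueError("a key rotation cycles between 2 and 10 keypairs")
    findings = []
    previous = None
    # Keep only this rotation's signings, in chronological order.
    ordered = sorted(
        ((i, r) for i, r in enumerate(records) if r["rotation"] == rotation),
        key=lambda item: datetime.fromisoformat(item[1]["time"]),
    )
    for index, rec in ordered:
        key = rec["keypair"]
        if key not in members:
            findings.append((index, f"{key} is not a member of rotation {rotation}"))
        if key == previous:
            findings.append((index, f"{key} signed consecutively; rotation did not advance"))
        previous = key
    return findings


if __name__ == "__main__":
    for index, reason in audit_rotation(SAMPLE_LOG, "release-rotation", RELEASE_ROTATION_MEMBERS):
        print(f"record {index}: {reason}")
```

Either finding is worth investigating: a non-member keypair signing under the rotation alias, or a repeated keypair, means the signings did not follow the configured cycle.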