User Guide

Rotating SecureLink Keys

SecureLink relies on four secret values that together give it its security characteristics. These secret values are of two types:

  • Encryption keys used for communication between SecureLink components. These are held by the Intermediary, Unveiler (if configured) and Recipient components (such as Privitar On Demand).

  • A SecureLink blinding secret. This is a secret value that is used by the SecureLink Intermediary to compute secure base values that are used as input to SecureLink Tokenization. It is held by the Intermediary.

Key Rotation

It is good practice to periodically replace encryption keys with new versions. This process is called key rotation. Privitar supports rotating both types of secret on a per-Environment basis. Either the encryption keys or the blinding secret may be rotated at one time. The process is initiated from the Environments page, as described below.

Note

The process may take some time to complete, and the Environment may not be edited while the rotation is in progress. Other Privitar operations, such as running Jobs, are not affected.

To rotate secret values for a specific Environment:

  1. Select Environments from the Navigation sidebar.

  2. Select the required SecureLink Environment, and from the Actions list box, choose either Rotate SecureLink Keys or Rotate SecureLink Blinding Secret.

  3. Click OK.

    The appropriate key(s) will now be rotated. Environments where this process is running are displayed with an indicator.

Determining When Last Key Rotation Occurred

To determine when the last key rotation was completed:

  1. Select Environments from the Navigation sidebar.

  2. Select the required Environment by clicking on the name of the Environment in the Name column.

  3. Select the SecureLink tab.

    The time of the last key rotation is displayed.