Using external key management

Content Platform Engine supports using an external key service to manage its encryption keys. You can use this feature to centralize key management on a key management service of your choice, under your control, for improved security and privacy protection.

The external key management implementation relies on a supported key management system:
  • Key Management Interoperability Protocol (KMIP)

    This feature has been validated with IBM Security Key Lifecycle Manager (SKLM) 3.0 and 3.0.1 and Vormetric Thales Data Security Manager (DSM) 6.1.

  • IBM Key Protect

You configure this service in your environment as part of the preparation for your installation or upgrade. Then, you specify the service for key management as part of the New Domain wizard in the Administration Console for Content Platform Engine.

External key management is available when you create new P8 domains. The feature does not apply to existing P8 domains.

You can update an existing P8 domain from internal key management to external key management. For more information, see Configuring external key management.

For more details on setting up external key management, see Optional: Preparing for external key management.