Specifying a rollover key group

You can specify a key group for future use as the system default.

About this task

You can use the graphical user interface or the Key Group Default Rollover Add REST Service to schedule a key group to become the default on a specific date for serving keys to an endpoint. Your role must have permission for the create action and permission for the appropriate endpoint.

Procedure

  1. Log in to the graphical user interface.
  2. On the home page, click the menu icon at the upper left of the page.
  3. Click Endpoint management > Configured endpoints.
  4. On the Configured endpoints page, select your LTO endpoint and click the overflow menu icon (Options).
  5. From the overflow menu options, click View.
  6. Alternatively, on the home page, click your LTO endpoint link in the Configured endpoints section.
  7. Specify an existing key group to be a future system default. On the LTO endpoint management page, click the LTO key group rollover icon.
  8. On the LTO wrapping key rollover page, click Add future write default.
  9. On the Add future write default - LTO dialog, click Select to select the key group.
  10. Select the effective date.
  11. Click Add. The rollover key group is listed on the LTO wrapping key rollover page.
    • Do not specify two defaults for the same rollover date.
    • If a key group does not exist at the time of rollover, IBM Guardium Key Lifecycle Manager continues to use the current default key group.
    • You can add or delete table entries, but cannot modify an entry.
  12. To delete an LTO wrapping key context from the rollover table, complete the following steps.
    1. Select an LTO wrapping key context, click the overflow menu icon (Options), and then click Delete.
    2. On the confirmation window, click OK.
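
Because table entries cannot be modified after they are added, it helps to check a planned rollover schedule against the rules in step 11 before entering it. The following is an added example, not IBM code and not part of the product. The function names, key group names, and dates are constructed, and the set of existing key groups is assumed to be a snapshot you supply.

```python
from datetime import date

def audit_rollovers(entries, existing_groups, current_default):
    """Project the default key group over time from a planned rollover table.

    entries: list of (effective_date, key_group_name) tuples.
    Returns (conflicts, timeline); timeline rows are (date, default, status).
    """
    by_date = {}
    for effective, group in entries:
        by_date.setdefault(effective, []).append(group)

    # Rule: do not specify two defaults for the same rollover date.
    conflicts = {d: g for d, g in by_date.items() if len(g) > 1}

    timeline = []
    default = current_default
    for effective in sorted(by_date):
        groups = by_date[effective]
        if effective in conflicts:
            status = "conflict"        # fix before entry; projection keeps the prior default
        elif groups[0] not in existing_groups:
            status = "missing-group"   # rule: the current default stays in use
        else:
            default = groups[0]
            status = "ok"
        timeline.append((effective, default, status))
    return conflicts, timeline

def default_on(timeline, day, current_default):
    """Return the projected default key group on a given day."""
    result = current_default
    for effective, default, _status in timeline:
        if effective <= day:
            result = default
    return result

# Constructed sample plan; group names and dates are made up.
PLAN = [
    (date(2025, 1, 1), "lto-2025-h1"),
    (date(2025, 7, 1), "lto-2025-h2"),   # not created yet
    (date(2026, 1, 1), "lto-2026-a"),
    (date(2026, 1, 1), "lto-2026-b"),    # same date as the row above
]
EXISTING = {"lto-2024", "lto-2025-h1", "lto-2026-a", "lto-2026-b"}

if __name__ == "__main__":
    conflicts, timeline = audit_rollovers(PLAN, EXISTING, "lto-2024")
    for row in timeline:
        print(*row)
    print("conflicting dates:", sorted(conflicts))
```

A row with status missing-group or conflict means tapes written after that date would still be wrapped with keys from the older default, so resolve those rows before adding the entries.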