Changing the master key
Change the master key near the end of the current master key's lifetime.
Carefully consider when to change the master key. During the change of the master key, all cluster instances become inactive.
While it is still possible to score transactions, you cannot change the configuration or investigate cases during the change process. The change affects all data that is stored in IBM® Safer Payments, which means such a change process can take several hours to complete.
Changing the master key requires the global privilege to change the master key. This privilege
must be granted to the user in advance.
- In the user interface, click the Administration tab.
- Click from the navigation menu. Select your user.
- Scroll down to the Global Privileges section.
- In the Key Management field, select activate and revoke keys and view encryption management, and change master key.
- Save your changes.
Follow these steps to change the master key:
- Generate a new master key. For more information, see Preparing a keygen master key for activation or Preparing a KMIP master key for activation.
- Activate the new master key. For more information, see either Activating a keygen master key or Activating a KMIP master key.
The master key change process starts.