Creating a CloudKey for EDB PostgreSQL Database Server

Only keys created in the Cryptographic Security Platform Vault for Databases are supported.

  1. Log into the Cryptographic Security Platform Vault for Databases webGUI using an account with Cloud Admin privileges.

  2. In the top menu bar, click CloudKeys.

  3. Click the CloudKeys tab and select the Key Set with which the CloudKey will be associated.

  4. Select Actions > Create CloudKey.

  5. On the Details tab of the Create CloudKey dialog box, enter the following: 

    Field Description
    Name Enter the name for the CloudKey.
    Description

    Enter the optional description for the CloudKey.

    Cipher Select AES-256.

  6. Click Continue.

  7. On the Schedule tab, determine the rotation schedule for the CloudKey. This can be one of the following: 

    • Inherit from Key Set—The CloudKey will use the default schedule from the Key Set. If the Key Set schedule changes after the CloudKey is created, the CloudKey schedule will not be updated.
    • Never—The CloudKey will never be rotated.
    • Once a year—The CloudKey will be rotated once a year.
    • Every 6 months—The CloudKey will be rotated once every 6 months.
    • Every 30 days—The CloudKey will be rotated once every 30 days.
    • Other—The CloudKey will be rotated at the interval you select.

  8. Choose when this version of the CloudKey should expire. The per version expiration can be one of the following: 

    • Never—The CloudKey version will never expire.
    • Fixed Date—All CloudKey versions will expire on the date that you set.
    • Relative Expiry—Each CloudKey version will expire after the number of days that you set.

  9. Choose when the CloudKey as a whole should expire. This can be Never, or you can choose a specific date.

  10. If you selected an expiration date, choose the Expire Action to define what happens to the CloudKey when it expires. This can be one of the following:

    • Disable—The key will remain in the cloud, but is disabled and cannot be used by any applications.

    • Delete—The key is disabled in the cloud and cannot be used by any applications. You can set the date when the key is permanently deleted.

    Note: When the CloudKey expires, the selected Expire Action is performed on the key. The Cryptographic Security Platform Vault handles the expiry date and expire action. The expire date is not set in the cloud service provider.

  11. Click Apply.