Creating a CloudKey for DKE

  1. Log into the KeyControl Cloud Key Management Vault webGUI using an account with Cloud Admin privileges.

  2. In the top menu bar, click CloudKeys.
  3. Click the CloudKey tab.
  4. Select the Azure Key Set that you just created and then select DKE Keys.
  5. Select Actions > Create CloudKey.
  6. On the Details tab of the Create CloudKey dialog box, enter the following:

    Field          Description
    Name           Enter the name for the CloudKey.
    Description    Enter the optional description for the CloudKey.

  7. Click Continue.
  8. On the Access tab, enter the following:

    Field            Description
    Cipher           This can be one of the following:
                     • RSA-2048
                     • RSA-3072
                     • RSA-4096
    Azure Accounts   Select Allow All or Specific Tenants. If you select Specific Tenants, enter the tenant GUIDs to give access to the Azure accounts.

  9. Click Continue.
  10. On the Schedule tab, determine the rotation schedule for the CloudKey. This can be one of the following: 

    • Inherit from Key Set—The CloudKey will use the default schedule from the Key Set. If the Key Set schedule changes after the CloudKey is created, the CloudKey schedule will not be updated.
    • Never—The CloudKey will never be rotated.
    • Once a year—The CloudKey will be rotated once a year.
    • Every 6 months—The CloudKey will be rotated once every 6 months.
    • Every 30 days—The CloudKey will be rotated once every 30 days.
    • Other—The CloudKey will be rotated at the interval you select.
  11. Click Apply.