Key creation, key names, and rotation rules

When Verint is configured to use a KMS, the system automatically creates, names, and sets the rotation schedule for encryption keys. This automation applies to any KMS.

Key creation

When WFO V15.2 V2020R1 or newer is installed, keys are automatically created for each tenant. When 2020R1 or newer is applied on all servers in an organization, manual key creation is not required.

Key names

Keys that are created automatically use the naming convention auto_tid_XXXXXX, where XXXXXX is the ID of the tenant in a multi-tenant environment. For a single tenant or host provider, a key named auto_tid_0 is created and used. Tenant-specific data is secured using these keys.

A key named auto_global is also created automatically and used to encrypt non-tenant protected data.

Only key names which start with "auto" will be rotated based on schedule. No other keys will be rotated including the key name "recorder".

Key rotation

The Recorder KMS Service automatically applies the rotation schedule to keys in CipherTrust KMS. By default, keys are rotated daily.

Only keys with names that begin with auto are included in the automatic rotation schedule. Keys with other names—such as recorder—are not rotated automatically.