Workflow: Import keys to CipherTrust Manager
To import the DSM wrapper key archive to a target CipherTrust Manager node, run the key migration commands in ksctl. Plan for approximately one minute per 1,000 keys.
Migration can take time based on the number of key records and the system version. The migration process approximately takes one minute for 1,000 keys.
Before you begin
Workflow: Export keys from Thales KMS
Workflow: Install CLI Toolkit (ksctl)
Workflow
-
For CipherTrust Manager to decrypt the Thales DSM, create a migration split key that has the same values as the DSM wrapper key.
-
Create split share keys and upload backup file
The wrapper key and migration split key divide a single key into multiple shares, with a minimum number of shares required to reassemble the key. This configuration, called M of N, provides more security as a different custodian holds and controls each share.
-
Run key migration in CipherTrust Manager
To import keys into CipherTrust Manager KMS, run a migration command using the CLI tool, ksctl.
-
After migrating keys to CipherTrust Manager KMS, confirm that the keys are there and show the latest CipherTrust version number.