Best practices: Managing cryptographic keys

The content is currently unavailable in French. You are viewing the default English version.

Résumé de l’article

Avez-vous trouvé ce résumé utile ?

Merci pour vos commentaires

Perform regular key rotation. Cryptographic key rotation should be executed on all keys at least once a year (i.e. scheduled bulk rotation), or even more frequently if required by the security policy in place. More frequent key rotations typically equate to better security.
Perform on-the-fly key rotation. It is highly advisable to rotate keys as soon as they are added (i.e. on-the-fly rotation). Combining scheduled bulk rotation and individual on-the-fly rotation constitutes sound security policy. For more information about performing key rotations individually or in bulk, see Creating and managing cryptographic keys.
Handle old and compromised keys. Implement a strict policy regarding old and compromised keys. Such a policy should include procedures for retiring, archiving, destroying, or revoking such keys, and should also include steps to address suspected compromised keys.
Limit key management privileges. Limit the number of users with administrative privileges for key management, e.g. Rotate Key, or Create Key. By default, these privileges are not assigned to imported or newly created users.

Cet article vous a-t-il été utile ?