Test the integration

Create a cloud key in KeyControl

  1. Sign in to the cloud keys vault URL created in Create a Cloud Keys Vault in the KeyControl.

  2. Select the CloudKeys tab.

  3. In the Key Set pull-down menu, select the key set created in Create a key set in KeyControl. In the Region pull-down menu, select your region.

    Multi-region keys will be supported in a future release of Entrust KeyControl.

  4. In the Actions pull-down menu, select Create CloudKey. The Create CloudKey window appears.

  5. In the Details tab, enter the Name and Description. Then select Continue.

  6. In the Purpose tab, select from the Purpose and Algorithm pull-down menus. Then select Continue.

  7. In the Access tab, select the service account created in Create AWS IAM user in the Administrator and Users text boxes. Then select Continue.

  8. In the Schedule tab, select your Rotation Schedule and Expiration date. Then select Apply.

  9. Notice the newly created cloud key.

  10. Verify the cloud key is visible in the AWS Key Management Service (KMS).

For further information, refer to Creating a CloudKey in the KeyControl online documentation.

Create a cloud key in AWS Key Management Service

  1. In AWS, navigate to Services > Key Management Service > Customer managed keys. Then select the Create key icon.

  2. In the Configure key window, select the Key type and Key usage. Then expand the Advanced options and select the Key material origin. For Regionality, select the Single-Region key radio button. Then select Next.

    Multi-region keys will be supported in a future release of Entrust KeyControl.

  3. In the Add labels window, enter the Alias and Description. Then select Next.

  4. In the Define key administrative permissions window, enter the service account name created in Create AWS IAM user and select it. In the Key deletion section, check Allow key administrators to delete this key. Then select Next.

  5. In the Define key usage permissions window, enter the service account name created in Create AWS IAM user and select it. Then select Next.

  6. In the Review window, select Finish.

  7. Notice the new key in the AWS KMS.

To import the cloud key in KeyControl:

  1. Sign in to the cloud keys vault URL created in Create a Cloud Keys Vault in the KeyControl.

  2. Select the Key Sets tab. Then select the key set created in Create a key set in KeyControl.

  3. In the Actions pull-down menu, select Import CloudKeys. The Import Cloud Keys window appears.

  4. Select your region. Then select Import.

  5. Select the CloudKeys tab and select Refresh.

  6. Verify the imported key is visible in the Entrust KeyControl cloud keys vault.

For further information, refer to Importing CloudKeys in the KeyControl online documentation.

Remove a cloud key in KeyControl

  1. Sign in to the cloud keys vault URL created in Create a Cloud Keys Vault in the KeyControl.

  2. Select the CloudKeys tab.

  3. In the Key Set pull-down menu, select the key set created in Create a key set in KeyControl. In the Region pull-down menu, select your region.

  4. Select the key to be removed from the cloud.

  5. In the Actions pull-down menu, select Remove from Cloud. The Remove from Cloud dialog appears.

  6. Type the name of the key in the Type CloudKey Name text box. Then select Remove.

  7. Notice the key Cloud Status becomes NOT AVAILABLE.

  8. Verify the key Status changed in AWS KMS.

For further information, refer to Removing a CloudKey from the Cloud in the KeyControl online documentation.

Delete a cloud key in KeyControl

  1. Sign in to the cloud keys vault URL created in Create a Cloud Keys Vault in the KeyControl.

  2. Select the CloudKeys tab.

  3. In the Key Set pull-down menu, select the key set created in Create a key set in KeyControl. In the Region pull-down menu, select your region.

  4. Select the key to be deleted.

  5. In the Actions pull-down menu, select Delete CloudKey. The Delete CloudKey dialog appears.

  6. Select a time in Define when the CloudKey should be permanently deleted. Then select Delete.

  7. Notice the key Cloud Status becomes PENDING DELETE.

  8. Verify the key Status changed in AWS KMS.

For further information, refer to Deleting a CloudKey in the KeyControl online documentation.

Cancel a cloud key deletion in KeyControl

  1. Sign in to the cloud keys vault URL created in Create a Cloud Keys Vault in the KeyControl.

  2. Select the CloudKeys tab.

  3. In the Key Set pull-down menu, select the key set created in Create a key set in KeyControl. In the Region pull-down menu, select your region.

  4. Select the key whose scheduled deletion is to be cancelled.

  5. In the Actions pull-down menu, select Cancel Deletion. The Cancel Deletion dialog appears.

  6. Select Yes, Cancel Deletion.

  7. Notice the key Cloud Status becomes NOT AVAILABLE.

  8. Verify the key Status changed in AWS KMS.

  9. Back in Entrust KeyControl, in the Actions pull-down menu, select Upload to Cloud. The Upload to Cloud dialog appears.

  10. Select Upload.

  11. Notice the key Cloud Status becomes AVAILABLE.

  12. Verify the key Status changed in AWS KMS.

For further information, refer to Canceling a CloudKey Deletion in the KeyControl online documentation.

Rotate a cloud key in KeyControl

  1. Sign in to the cloud keys vault URL created in Create a Cloud Keys Vault in the KeyControl.

  2. Select the CloudKeys tab.

  3. In the Key Set pull-down menu, select the key set created in Create a key set in KeyControl. In the Region pull-down menu, select your region.

  4. Select the key to be rotated.

  5. Scroll down, select the Details tab, and select the Rotate Now icon.

  6. Verify that the key has been rotated in AWS KMS.

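The "Verify ... in AWS KMS" steps in the sections above can also be checked against the JSON printed by `aws kms describe-key` rather than in the console. The following is an added example, not part of the Entrust documentation; the step names, the mapping from KeyControl actions to AWS KeyState values, the ISO 8601 timestamp format and the sample JSON are assumptions constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Assumed mapping: KeyControl action just performed -> AWS KeyState values
# acceptable afterwards. The page does not name the AWS states; adjust it
# to what your KMS console shows.
EXPECTED_STATES = {
    "create": {"Enabled"},
    "remove": {"PendingImport"},
    "delete": {"PendingDeletion"},
    "cancel": {"Disabled", "PendingImport"},
    "upload": {"Enabled"},
}


def verify_step(step, describe_key_json, now=None):
    """Return findings; an empty list means AWS matches the step."""
    meta = json.loads(describe_key_json)["KeyMetadata"]
    now = now or datetime.now(timezone.utc)
    findings = []
    if meta.get("KeyManager") != "CUSTOMER":
        findings.append("not a customer managed key")
    if meta.get("MultiRegion"):
        findings.append("multi-Region key, not yet supported by KeyControl")
    state = meta.get("KeyState")
    if state not in EXPECTED_STATES[step]:
        findings.append(f"KeyState {state!r} unexpected after {step!r}")
    deletion = meta.get("DeletionDate")
    if step == "delete":
        if deletion is None:
            findings.append("no DeletionDate on a key pending deletion")
        else:
            remaining = datetime.fromisoformat(deletion) - now
            # AWS KMS waiting periods run from 7 to 30 days.
            if not timedelta(0) < remaining <= timedelta(days=30):
                findings.append(f"DeletionDate {deletion} not within 30 days")
    elif deletion is not None:
        findings.append(f"deletion still scheduled for {deletion}")
    return findings


# Constructed sample of `aws kms describe-key` output (not a real key).
SAMPLE_PENDING_DELETE = json.dumps({"KeyMetadata": {
    "KeyId": "00000000-0000-0000-0000-000000000000",
    "KeyManager": "CUSTOMER", "Origin": "EXTERNAL", "MultiRegion": False,
    "KeyState": "PendingDeletion",
    "DeletionDate": "2024-06-15T00:00:00+00:00"}})
```

Pass the output of `aws kms describe-key --key-id <key-id>` as the second argument after each KeyControl action; a finding after Cancel Deletion that deletion is still scheduled means the cancellation did not reach AWS.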