Test the integration
Create a cloud key in KeyControl
- Sign in to the cloud keys vault URL created in Create a Cloud Keys Vault in the KeyControl.
- Select the CloudKeys tab.
- In the Key Set pull-down menu, select the key set created in Create a key set in KeyControl. In the Region pull-down menu, select your region.
  Multi-region keys will be supported in a future release of Entrust KeyControl.
- In the Actions pull-down menu, select Create CloudKey. The Create CloudKey window appears.
- In the Details tab, enter the Name and Description. Then select Continue.
- In the Purpose tab, select from the Purpose and Algorithm pull-down menus. Then select Continue.
- In the Access tab, select the service account created in Create AWS AIM user in the Administrator and Users text boxes. Then select Continue.
- In the Schedule tab, select your Rotation Schedule and Expiration date. Then select Apply.
- Notice the newly created cloud key.
- Verify the cloud key is visible in the AWS Key Management Service (KMS).
For further information, refer to Creating a CloudKey in the KeyControl online documentation.
Create a cloud key in AWS Key Management Service
- In AWS, navigate to Services > Key Management Service > Customer managed keys. Then select the Create key icon.
- In the Configure key window, select the Key type and Key usage. Then expand the Advanced options and select the Key material origin. For Regionality, select the Single-Region key radio button. Then select Next.
  Multi-region keys will be supported in a future release of Entrust KeyControl.
- In the Add labels window, enter the Alias and Description. Then select Next.
- In the Define key administrative permissions window, enter the service account name created in Create AWS AIM user and select it. In the Key deletion section, check Allow key administrators to delete this key. Then select Next.
- In the Define key usage permissions window, enter the service account name created in Create AWS AIM user and select it. Then select Next.
- In the Review window, select Finish.
- Notice the new key in the AWS KMS.
To import the cloud key in KeyControl:
- Sign in to the cloud keys vault URL created in Create a Cloud Keys Vault in the KeyControl.
- Select the Key Sets tab. Then select the key set created in Create a key set in KeyControl.
- In the Actions pull-down menu, select Import CloudKeys. The Import Cloud Keys window appears.
- Select your region. Then select Import.
- Select the CloudKeys tab and select Refresh.
- Verify the imported key is visible in the Entrust KeyControl cloud keys vault.
For further information, refer to Importing CloudKeys in the KeyControl online documentation.
Remove a cloud key in KeyControl
- Sign in to the cloud keys vault URL created in Create a Cloud Keys Vault in the KeyControl.
- Select the CloudKeys tab.
- In the Key Set pull-down menu, select the key set created in Create a key set in KeyControl. In the Region pull-down menu, select your region.
- Select the key to be removed from the cloud.
- In the Actions pull-down menu, select Remove from Cloud. The Remove from Cloud dialog appears.
- Type the name of the key in the Type CloudKey Name text box. Then select Remove.
- Notice the key Cloud Status becomes NOT AVAILABLE.
- Verify the key Status changed in AWS KMS.
For further information, refer to Removing a CloudKey from the Cloud in the KeyControl online documentation.
Delete a cloud key in KeyControl
- Sign in to the cloud keys vault URL created in Create a Cloud Keys Vault in the KeyControl.
- Select the CloudKeys tab.
- In the Key Set pull-down menu, select the key set created in Create a key set in KeyControl. In the Region pull-down menu, select your region.
- Select the key to be deleted.
- In the Actions pull-down menu, select Delete CloudKey. The Delete CloudKey dialog appears.
- Select a time in Define when the CloudKey should be permanently deleted. Then select Delete.
- Notice the key Cloud Status becomes PENDING DELETE.
- Verify the key Status changed in AWS KMS.
For further information, refer to Deleting a CloudKey in the KeyControl online documentation.
Cancel a cloud key deletion in KeyControl
- Sign in to the cloud keys vault URL created in Create a Cloud Keys Vault in the KeyControl.
- Select the CloudKeys tab.
- In the Key Set pull-down menu, select the key set created in Create a key set in KeyControl. In the Region pull-down menu, select your region.
- Select the key whose scheduled deletion is going to be cancelled.
- In the Actions pull-down menu, select Cancel Deletion. The Cancel Deletion dialog appears.
- Select Yes, Cancel Deletion.
- Notice the key Cloud Status becomes NOT AVAILABLE.
- Verify the key Status changed in AWS KMS.
- Back in Entrust KeyControl, in the Actions pull-down menu, select Upload to Cloud. The Upload to Cloud dialog appears.
- Select Upload.
- Notice the key Cloud Status becomes AVAILABLE.
- Verify the key Status changed in AWS KMS.
For further information, refer to Canceling a CloudKey Deletion in the KeyControl online documentation.
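The "Verify the key Status changed in AWS KMS" steps in the remove, delete and cancel-deletion procedures above can also be checked against the KMS DescribeKey API instead of the console. The following is an added example, not part of the Entrust documentation; the mapping from KeyControl Cloud Status to KMS KeyState, the sample metadata and the script name are assumptions.

```python
"""Compare AWS KMS DescribeKey metadata with the Cloud Status KeyControl shows."""
import sys

# ASSUMPTION (not from the page): how KeyControl's Cloud Status values map to
# the AWS KMS KeyState field. Adjust to what your own vault and account report.
EXPECTED_STATES = {
    "AVAILABLE": {"Enabled"},
    "NOT AVAILABLE": {"PendingImport", "Disabled"},
    "PENDING DELETE": {"PendingDeletion"},
}

# Constructed sample shaped like DescribeKey's KeyMetadata (not a real key).
SAMPLE_PENDING = {
    "KeyId": "00000000-0000-0000-0000-000000000000",
    "KeyManager": "CUSTOMER",
    "MultiRegion": False,
    "KeyState": "PendingDeletion",
    "DeletionDate": "2030-01-08T00:00:00Z",
}


def check_key(meta, cloud_status):
    """Return a list of mismatches; an empty list means the step verified."""
    allowed = EXPECTED_STATES.get(cloud_status)
    if allowed is None:
        return [f"unknown Cloud Status: {cloud_status!r}"]
    findings = []
    state = meta.get("KeyState")
    if state not in allowed:
        findings.append(f"KeyState is {state}, expected one of {sorted(allowed)}")
    # The page's procedures use customer managed, single-Region keys only.
    if meta.get("KeyManager") != "CUSTOMER":
        findings.append("not a customer managed key")
    if meta.get("MultiRegion"):
        findings.append("multi-Region key")
    # KMS returns DeletionDate only while a deletion is scheduled.
    if (state == "PendingDeletion") != bool(meta.get("DeletionDate")):
        findings.append("DeletionDate does not match KeyState")
    return findings


if __name__ == "__main__":
    # Usage: check_key.py <key-id> "<CLOUD STATUS>" (needs boto3 and credentials)
    import boto3  # imported here so check_key() stays usable offline

    meta = boto3.client("kms").describe_key(KeyId=sys.argv[1])["KeyMetadata"]
    problems = check_key(meta, sys.argv[2])
    print("\n".join(problems) or "OK")
    sys.exit(1 if problems else 0)
```

Run it after each KeyControl action with the status the vault displays; a non-zero exit means AWS KMS does not yet reflect the change.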
Rotate a cloud key in KeyControl
- Sign in to the cloud keys vault URL created in Create a Cloud Keys Vault in the KeyControl.
- Select the CloudKeys tab.
- In the Key Set pull-down menu, select the key set created in Create a key set in KeyControl. In the Region pull-down menu, select your region.
- Select the key to be rotated.
- Scroll down, select the Details tab, and select the Rotate Now icon.
- Verify that the key has been rotated in AWS KMS.