Test integration

Create a key set in Entrust KeyControl

This key set will be used to create a cloud key in Entrust KeyControl.

  1. Sign in to the Entrust KeyControl Vault URL bookmark from [create-keycontrol-vault].

  2. Select the CLOUDKEYS icon on the toolbar.

  3. Select the Key Sets tab.

  4. Select Actions > Create Key Set.

    The Choose the type of keys… dialog appears.

  5. Choose Azure Key.

    The Create Key Set dialog appears.

  6. In the Details tab enter a Name and Description.

  7. In the Admin Group menu select Cloud Admin Group.

  8. Select Continue.

  9. In the CSP Account tab, select the CSP account created in [create-keycontrol-csp-account].

  10. Select Continue.

  11. In the HSM tab, select Enable HSM if using one. In that case ensure the HSM is configured prior to this step.

  12. Select Continue.

  13. In the Schedule tab, select a Rotation Schedule matching the selection made during [create-azure-client-secret].

  14. Select Apply.

    The key set is added.

  15. Verify the Azure key vault created in [create-azure-keyvault] is listed in the Key Vault tab with setting Accessible set to Yes.

For additional information, see Creating a Key Set.

Create a cloud key in Entrust KeyControl

The following steps create a cloud key in Entrust KeyControl and verify it is available in Azure key vault.

  1. Sign in to the Entrust KeyControl Vault URL bookmark from [create-keycontrol-vault].

  2. Select the CLOUDKEYS icon on the toolbar.

  3. Select the CloudKeys tab.

  4. In the Key Set menu, select the Key Set created in Create a key set in Entrust KeyControl.

  5. In the Type menu, select Key Vault.

  6. Select Actions > Create CloudKey.

    The Create CloudKey dialog appears.

  7. In the Key Vault menu, select the Azure key vault created in [create-azure-keyvault].

  8. In the Details tab, enter the Name and Description.

  9. Select Continue.

  10. In the Access tab, select the required Cipher.

  11. Select Continue.

  12. In the Schedule tab, select the Rotation Schedule, Activation Date, and Expiration.

  13. Select Apply.

    The cloud key is created.

  14. Verify the cloud key created in Entrust KeyControl is available in Azure key vault.

For additional information, see Creating a CloudKey.

Create a cloud key in Azure key vault

The following steps create a cloud key in Azure key vault and import it into Entrust KeyControl.

To create a cloud key in Azure Key Vault:

  1. Navigate to Home > Key vaults > <Key_vault_name> > Keys > Generate/Import.

    The Create a key dialog appears.

  2. Enter the Name and the required key properties.

  3. Select Create.

    The cloud key is created.

  4. Verify the newly created key.

To import the cloud key created in Azure into Entrust KeyControl:

  1. Sign in to the Entrust KeyControl Vault URL bookmark from [create-keycontrol-vault].

  2. Select the CLOUDKEYS icon on the toolbar.

  3. Select the Key Sets tab.

  4. Select the key set created in Create a key set in Entrust KeyControl.

  5. Select Actions > Import CloudKey.

    The Import Cloud Keys dialog appears.

  6. In the Type menu, select Key Vault.

  7. In the Key Vault menu, select the Azure key vault created in [create-azure-keyvault].

  8. Select Import.

  9. Verify the cloud key created in Azure key vault is available in Entrust KeyControl.

Rotate a cloud key in Entrust KeyControl

To rotate a cloud key in Entrust KeyControl:

  1. Sign in to the Entrust KeyControl Vault URL bookmark from [create-keycontrol-vault].

  2. Select the CLOUDKEYS icon on the toolbar.

  3. Select the CloudKeys tab.

  4. Select the key to rotate. Then, scroll down until you see the Rotate Now control.

  5. Select Rotate Now.

    The key has been rotated.

  6. In Azure, navigate to Home > Key vaults > <Key_vault_name> > Keys.

  7. Select the key you want to rotate.

  8. Verify that the key has been rotated.

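A scripted form of the check in step 8, as an added example that is not part of the Entrust guide: it reads the JSON printed by `az keyvault key list-versions --vault-name <Key_vault_name> --name <key_name>` and confirms that an enabled version was created after Rotate Now was selected. The function name, the vault and key names, the version IDs and the timestamps are constructed placeholders.

```python
import json
from datetime import datetime

# Constructed sample shaped like the JSON from:
#   az keyvault key list-versions --vault-name <Key_vault_name> --name <key_name>
# Vault name, key name and version IDs are placeholders, not real values.
SAMPLE_VERSIONS = json.loads("""
[
  {"kid": "https://example-vault.vault.azure.net/keys/example-key/aaaa1111",
   "attributes": {"created": "2024-01-10T09:00:00+00:00", "enabled": true, "expires": null}},
  {"kid": "https://example-vault.vault.azure.net/keys/example-key/bbbb2222",
   "attributes": {"created": "2024-04-10T09:05:00+00:00", "enabled": true, "expires": null}}
]
""")


def check_rotation(versions, rotate_clicked_at):
    """Return (ok, current_version_id, problems) for one key's version list.

    rotate_clicked_at is an ISO 8601 timestamp (with offset) noted when
    Rotate Now was selected in Entrust KeyControl.
    """
    if not versions:
        return False, None, ["key has no versions in the vault"]
    # The most recently created version is treated as the key's current version.
    newest = max(versions, key=lambda v: datetime.fromisoformat(v["attributes"]["created"]))
    attrs = newest["attributes"]
    created = datetime.fromisoformat(attrs["created"])
    clicked = datetime.fromisoformat(rotate_clicked_at)
    problems = []
    if created < clicked:
        problems.append("no version created since Rotate Now was selected")
    if not attrs.get("enabled"):
        problems.append("newest version is disabled")
    expires = attrs.get("expires")
    if expires and datetime.fromisoformat(expires) <= clicked:
        problems.append("newest version is already expired")
    # The version ID is the last path segment of the key identifier (kid).
    version_id = newest["kid"].rstrip("/").rsplit("/", 1)[-1]
    return not problems, version_id, problems


if __name__ == "__main__":
    print(check_rotation(SAMPLE_VERSIONS, "2024-04-10T09:00:00+00:00"))
```
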

Remove a cloud key in Entrust KeyControl

A removed cloud key in Entrust KeyControl will no longer be available for use in Azure. However, Entrust KeyControl will keep a copy of the removed cloud key, which could be reloaded to Azure for use.

  1. Sign in to the Entrust KeyControl Vault URL bookmark from [create-keycontrol-vault].

  2. Select the CLOUDKEYS icon on the toolbar.

  3. Select the CloudKeys tab.

  4. Select the key to be removed.

  5. Select Actions > Remove from Cloud.

    The Remove from Cloud dialog appears.

  6. Type the name of the cloud key in Type CloudKey Name.

  7. Select Remove.

  8. Verify the status change in Entrust KeyControl.

  9. Verify the key is gone from Azure.

For additional information, see Removing a CloudKey from the Cloud.

Upload a removed cloud key to Azure in Entrust KeyControl

To upload a removed cloud key to Azure in Entrust KeyControl:

  1. Sign in to the Entrust KeyControl Vault URL bookmark from [create-keycontrol-vault].

  2. Select the CLOUDKEYS icon on the toolbar.

  3. Select the CloudKeys tab.

  4. Select the key to be uploaded.

  5. Select Actions > Upload to Cloud.

    The Remove from Cloud dialog appears.

  6. Select Upload.

  7. Verify the status change in Entrust KeyControl.

  8. Verify the key is now available in Azure.

Delete a cloud key in Entrust KeyControl

The deletion of a cloud key does not take effect immediately. However, after a user-defined interval, the key will be permanently removed.

  1. Sign in to the Entrust KeyControl Vault URL bookmark from [create-keycontrol-vault].

  2. Select the CLOUDKEYS icon on the toolbar.

  3. Select the CloudKeys tab.

  4. Select the key to be deleted.

  5. Select Actions > Delete CloudKey.

    The Delete CloudKey dialog appears.

  6. Select a time in Define when the CloudKey should be permanently deleted.

  7. Select Delete.

  8. Verify the status change in Entrust KeyControl.

  9. Verify the key is gone from Azure.

For additional information, see Deleting a CloudKey.

Cancel a cloud key deletion in Entrust KeyControl

The deletion of a key can be canceled while the time in the Define when the CloudKey should be permanently deleted setting has not expired.

  1. Sign in to the Entrust KeyControl Vault URL bookmark from [create-keycontrol-vault].

  2. Select the CLOUDKEYS icon on the toolbar.

  3. Select the CloudKeys tab.

  4. Select the key deletion to be canceled.

  5. Select Actions > Cancel Deletion.

    The Cancel Deletion dialog appears.

  6. Select Yes, Cancel Deletion.

  7. Verify the status change in Entrust KeyControl.

  8. Verify the key is now available in Azure.

For additional information, see Canceling a CloudKey Deletion.