IBM Support

Secret Key Rotation

Question & Answer


Question

Secret Key Rotation

Answer


What is Secret Key Rotation?
Secret key rotation has been added to Secret Server as of version 8.8.000018. It is the process by which the encryption key used to secure Secret data is changed and the Secret data is re-encrypted. Each Secret receives a new, unique AES-256 encryption key. Secret key rotation can be used to meet compliance requirements that mandate that encryption keys be changed on a regular basis.
How to Perform Secret Key Rotation:
Secret Key Rotation requires the Rotate Encryption Keys permission.
1. Go to Admin -> Configuration -> Security.
2. Under the Key Rotation section, click Rotate Secret Keys.
Secret key rotation will begin as soon as Secret Server enters Maintenance Mode. Because Maintenance Mode disables various functionality (e.g. Secrets cannot be updated), schedule Secret key rotation with Secret Server usage and the expected processing time in mind. We recommend running Secret key rotation during off-peak or non-business hours.

To learn more about Maintenance Mode, see the following KB article: http://support.thycotic.com/kb/a518/maintenance-mode.aspx
Estimated Processing Time
Maintenance Mode will take five minutes to enable before Secret key rotation is started.
The processing time for Secret key rotation will vary greatly, depending on the following factors:
· Total number of Secrets
· Total number of Secrets with file attachments and size of the file attachments
· Hardware configuration (number of CPUs/cores, memory size, network latency)
· HSM key size, if applicable
As a general guideline, use the following:

Without HSM (default): Approx. 2,000-12,000 Secrets per minute
HSM with a 2048-bit key: Approx. 240-600 Secrets per minute
HSM with a 4096-bit key: Approx. 120-300 Secrets per minute
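
The guideline above can be turned into a check of whether a proposed off-peak window covers the slow end of the range. This is an added example, not part of the original article or of Secret Server; the function names, configuration labels and the 50,000-Secret scenario are assumptions made for illustration.

```python
import math
from datetime import datetime, timedelta

# Throughput guideline from the article, in Secrets per minute (slow, fast).
# It does not model file attachments or hardware, so treat results as rough.
RATES = {
    "none": (2000, 12000),      # without HSM (default)
    "hsm-2048": (240, 600),     # HSM with a 2048-bit key
    "hsm-4096": (120, 300),     # HSM with a 4096-bit key
}
MAINTENANCE_MODE_DELAY = timedelta(minutes=5)  # time for Maintenance Mode to enable


def estimate_rotation(secret_count, key_config):
    """Return (best, worst) total duration, including the Maintenance Mode delay."""
    if secret_count < 0:
        raise ValueError("secret_count must be non-negative")
    slow, fast = RATES[key_config]
    best = timedelta(minutes=math.ceil(secret_count / fast))
    worst = timedelta(minutes=math.ceil(secret_count / slow))
    return MAINTENANCE_MODE_DELAY + best, MAINTENANCE_MODE_DELAY + worst


def plan_window(secret_count, key_config, start, end):
    """Check a proposed off-peak window [start, end) against the estimate."""
    if end <= start:
        raise ValueError("window must end after it starts")
    best, worst = estimate_rotation(secret_count, key_config)
    return {
        "best_finish": start + best,
        "worst_finish": start + worst,
        "fits_worst_case": start + worst <= end,
        "slack": end - (start + worst),  # negative when the window is too short
    }


if __name__ == "__main__":
    # Constructed scenario: 50,000 Secrets, window from 01:00 to 05:00.
    start = datetime(2024, 1, 6, 1, 0)
    end = datetime(2024, 1, 6, 5, 0)
    for config in RATES:
        plan = plan_window(50_000, config, start, end)
        print(config, plan["best_finish"].time(), plan["worst_finish"].time(),
              "fits" if plan["fits_worst_case"] else "TOO SHORT")
```

In the constructed scenario the four-hour window covers the slow end of the range without an HSM and with a 2048-bit HSM key, but not with a 4096-bit key.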

Product: IBM Security Secret Server
Version: 10.4
Platform: Platform Independent

Document Information

Modified date:
17 June 2018

UID

swg22016969