Creating Key Policy

To create a key policy:
  1. Go to (Menu) icon > SSH+ > Policies > Key Policy.

    The Key Policy page is displayed.

  2. On the command bar, click +Create policy.
  3. Enter the following details:
    Table 1. Field description for Key Policy section
    Field Description
    Policy details
    *Policy Name Enter a unique name for the policy.
    Description Enter details of the policy stating the purpose.
    Compliance Configuration
    *Key Algorithm And Size Select a value from the dropdown list. You can select more than one value.
    Allowed Risks Any risk included in the allowed risks list will be considered compliant during the compliance check. Only risks not on the allowed list will be treated as non-compliant
    Age The compliance status of the key will be determined based on the provided age. If no age is given, it will be excluded from the compliance calculation.
    Rotation Configuration
    Rotate automaticallyOn Enable this toggle to configure automatic key rotation. Once enabled, the Set Schedule Time field displays, allowing you to specify when the key should be rotated automatically. A message will appear at the bottom of this section, indicating the scheduled time for the key rotation.
    *Key Rotation Period Select a value from the dropdown list. For example, if you select 180 days from the dropdown list, then the key will be rotated after 180 days.
    *Key Algorithm Select a key algorithm that specifies which host key types are allowed to be used for the SSH connection.
    *Key Size Select the size of the key used in the key algorithm.
    Host Certificate Auto Rotate Settings
    *Auto Rotate Host Certificates before Select a value from the dropdown list to initiate certificate rotation before its expiration. By default, this value is 10 days.
    Note: Fields indicated with red asterisk (*) symbol are mandatory.
  4. Click Create.

    A key policy is created and added to the key inventory.

What to do next:
  • Modify or delete a key policy by selecting the checkbox against the policy name and selecting Modify or Delete from the Actions menu.
  • Associate the policy with a key compliance group. See Adding Key Compliance Group.