Skip to content

enable-customer-managed-keys-cmk-f15d2a7.md

Latest commit

 

History

History
72 lines (37 loc) · 2.27 KB

enable-customer-managed-keys-cmk-f15d2a7.md

File metadata and controls

72 lines (37 loc) · 2.27 KB

Enable Customer-Managed Keys (CMK)

You can enable customer-managed keys (CMK) in three ways:

Using cf CLI

To enable CMK for your service instance (for example, named mycredstore), go to your command console and run:

cf update-service mycredstore -c "{\"cmk-support\":{\"encryption-keys\":\"customer\"}}"

Using JSON Configuration

  1. In the SAP BTP cockpit, navigate to your subaccount and space..

  2. From the left-side navigation menu, choose Services > Instances.

  3. Go to your Credential Store instance and from its (Actions) menu, choose Update.

  4. Choose Next, and then replace the default brackets {} with the following JSON code:

    
{
  "cmk-support": {
    "encryption-keys": "customer"
  }
}

  5. Choose Update Instance.

Using the Credential Store UI

  1. In the SAP BTP cockpit, navigate to your subaccount and space..

  2. From the left-side navigation menu, choose Services > Instances.

  3. Select the Credential Store instance for which you want to enable CMK.

  4. From the left-side navigation menu, choose (Credential Store).

  5. Go to the Settings tab and choose (Edit Configuration).

  6. In the Encryption Keys field, switch to Customer-Managed.

  7. Save your changes.

Note:

When you change the service instance settings from SAP-Managed to Customer-Managed, all credentials included in this instance will be re-encrypted with a customer key in an asynchronous manner.

Related Information

Customer-Managed Keys (CMK)