Articles in this section

Key settings screen

Avatar
Global Admin2
  • Updated
Follow

The key settings screen lets you view and edit CloudGate Key Manager's key settings.

Contents

Label Description

Rotation period

The rotation period for the keys, expressed in minutes, hours, days or weeks

This setting governs the validity period for the keys that are issued by CloudGate Key Manager. For example, setting the rotation period to 1 week (the default) will result in keys expiring one week after they have been issued.

Active key limit

The maximum number of active keys that can be issued to a single user

Keys are considered active if they have not expired and have not been revoked.

Key type

The type of keys that are issued by CloudGate Key Manager

The following options are available:
  • RSA 2048 – Issue 2048-bit keys generated using the RSA algorithm.
  • ECDSA 256 – Issue 256-bit keys generated using the ECDSA algorithm.

Passphrase protected

Whether or not the user will be prompted to enter a passphrase when issuing a new key

CAUTION:
While requiring keys to be protected by a passphrase does provide some additional security benefits, it should be noted that it is fairly trivial for a user to remove a key's passphrase and thus unprotect it.
CAUTION:
CloudGate Key Manager issues passphrase protected keys in the PKCS#8 format. Not all types of SSH client software (e.g. PuTTY) support this format. In case SSH clients without PKCS#8 support are being used in your organization, an alternative is to have CloudGate Key Manager issue keys without passphrase protection, and require your users to use the passphrase functionality provided by the SSH client software.

Users can revoke keys

Whether or not users can revoke their own keys

While it's always possible for administrators to revoke specific keys, enabling this setting will also allow users to revoke their own keys. This can be useful, for example, in scenarios where the Active key limit is set to a low value, and administrators do not want to be burdened with frequent key revocation requests from their users.

Button bar

Button Result

Cancel

Discards any changes made to the key settings, and reverts them to their original state.

Save

Saves all changes made to the key settings.
Related tasks

Comments

0 comments

Please sign in to leave a comment.