Describes the rekey process for CLDB and DARE keys.
External keystores ensure that the keys are always securely backed up and replicated, and guaranteed never to be lost. You can never accidentally delete KMIP keys - only the administrator can set the state to DESTROYED, but the keys still remain in cryptographic storage. Therefore, the rekey procedure is used mainly for key rotation and in the unlikely event of a compromise.
The data-fabric platform comprises two main keys:
To rekey, see mrhsm rekey.