Rotate an access key
Changing access keys on a regular schedule is a security best practice. Key rotation reduces the chances that a compromised access key is used without your knowledge to gain access to your cloud origin.
Before you begin
- Rotate access keys in your cloud provider account and make sure that your applications are still working as expected:
- Make note of the new access key identifier and its secret. See Get authentication details from your cloud provider.
Update the access key in Cloud Access Manager.
- In Cloud Access Manager, find the access key that you want to rotate.
- In the Access key versions table, click Add version.
- For Access key ID, enter the new access key identifier.
- For Secret, enter the secret paired with the new access key identifier.
Activating a version takes up to 10 minutes, after which your access key is active on the staging and production networks. When this is done, you are ready to update your property with the new version of the access key.
Reference the new version of the access key in Property Manager.
Access Property Manager
configurations associated with the selected Control Center account. Go to
(or just enter Properties in the
The Property Groups page opens.
In the Origin
Characteristics behavior, make sure that Encrypted Storage
is set to yes.
If you disable this option, the Origin Characteristics behavior stores the authentication details unencrypted.
For Access Key,
select the relevant access key version.
This field lists only active access keys that you created in Cloud Access Manager and that match the property's authentication method selected in the Origin Characteristics behavior.
- Optional: Activate your property on the staging environment and make sure that edge servers properly authenticate requests to your cloud origin. See Activate on staging.
Activate you property on the production environment. See Activate on production.
Important: Activating a property takes up to 30 minutes. Don’t delete or disable the old access key in your cloud provider account during this time.