Audit-Viewer Key expiring


Article ID: 196612


CA API Gateway, API SECURITY, CA API Gateway Precision API Monitoring Module for API Gateway (Layer 7), CA API Gateway Enterprise Service Manager (Layer 7), STARTER PACK-7, CA Microgateway


We are using the audit viewer key to decrypt/encrypt audits.

The key is about to expire, so they have to use a new key.

Documentation says:

However, once a key ceases to be the audit viewer key, it is recommended that you delete it, to prevent unauthorized users from decrypting audit records that were encrypted with that key.

But they have the following questions: How can they keep looking at the old audits after deleting this key?

Will all audits be encrypted with the new key when the new key is added?

Or will the old audits be unusable because they are encrypted with the old key?



Release : 9.4

Component : API GATEWAY


If you remove the old key, you cannot decrypt the messages that were encrypted with it. The new key is used for new messages only.