Product Documentation

One of the most complex aspects of key management is key rotation—the act of changing cryptographic keys used by an application. This becomes complex when businesses require applications to be continuously available, even when this housekeeping activity is occurring in the background.

The SAKA architecture enables all symmetric cryptographic keys to be rotated automatically without having to shut your applications down. While one thread in SAKA performs the key rotation, other threads continue to service encryption and decryption requests with new and/or existing keys. Should a decryption request arrive for an object whose key is being rotated, the transaction management provided by the Java Enterprise Edition (JEE) application server ensures that the request's handles remain consistent throughout the transaction.
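The following added example illustrates the general pattern of rotating keys while reads continue; it is not SAKA's code. It assumes Java 16 or later, and the class, method and token names are hypothetical. An atomic map update stands in for the JEE transaction management described above.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.security.SecureRandom;
import java.util.Map;
import java.util.concurrent.*;

public class RotationDemo {
    // Immutable entry: key id, nonce and ciphertext are always replaced together.
    record Entry(int keyId, byte[] iv, byte[] ct) {}
    static final Map<Integer, SecretKey> keys = new ConcurrentHashMap<>();
    static final Map<String, Entry> store = new ConcurrentHashMap<>();
    static final SecureRandom rng = new SecureRandom();

    static Entry seal(int keyId, byte[] pt) throws Exception {
        byte[] iv = new byte[12];
        rng.nextBytes(iv);                       // fresh nonce for every encryption
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, keys.get(keyId), new GCMParameterSpec(128, iv));
        return new Entry(keyId, iv, c.doFinal(pt));
    }

    static byte[] open(Entry e) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, keys.get(e.keyId()), new GCMParameterSpec(128, e.iv()));
        return c.doFinal(e.ct());                // GCM tag check fails on a key/ciphertext mismatch
    }

    // Re-encrypt one object under the new key and swap the whole entry atomically,
    // so a concurrent reader sees either the old entry or the new one, never a mix.
    static void rotate(String token, int newKeyId) {
        store.computeIfPresent(token, (t, old) -> {
            try { return seal(newKeyId, open(old)); }
            catch (Exception ex) { throw new IllegalStateException(ex); }
        });
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        keys.put(1, kg.generateKey());           // existing key
        keys.put(2, kg.generateKey());           // new key; key 1 stays available during rotation
        for (int i = 0; i < 1000; i++)           // constructed sample data
            store.put("tok" + i, seal(1, ("secret-" + i).getBytes()));
        ExecutorService pool = Executors.newFixedThreadPool(2);
        Future<?> rot = pool.submit(() -> store.keySet().forEach(t -> rotate(t, 2)));
        Future<Integer> reads = pool.submit(() -> {
            int ok = 0;
            for (int i = 0; i < 1000; i++)
                if (new String(open(store.get("tok" + i))).equals("secret-" + i)) ok++;
            return ok;
        });
        rot.get();
        long onOldKey = store.values().stream().filter(e -> e.keyId() == 1).count();
        System.out.println("consistent reads: " + reads.get() + ", entries left on key 1: " + onOldKey);
        pool.shutdown();
    }
}
```

The old key can only be retired once no stored entry references it, which is why the demo counts the entries still on key 1 after the rotation thread finishes.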

To configure automatic rotation, the Domain Administrator must configure the Rotate Symmetric Keys job through the DACTool (see 11—KAM DACTool, Section 6.1 for details). If you prefer to schedule the job manually rather than automatically, you can also do this through the DACTool. If the job is not scheduled to run automatically, you must execute it manually; otherwise the keys will not be rotated.