Rotate the external key

The Control Room supports using CyberArk to store keys for encrypting and decrypting IQ Bot data. A user with the AAE_IQ Bot Admin role can change the object name in IQ Bot to start the key rotation process.

Prerequisites

  • The IQ Bot must have been connected with CyberArk during installation. See Installing IQ Bot in Custom mode.

  • Update the password in the CyberArk vault to generate the new key. Note the new key name because you will provide it in IQ Bot.

Procedure

  1. Navigate to Administration > Key rotation.
    Most of the fields in the Key rotation page are auto-filled with the connection details you provided during installation.
  2. In the Object name field, provide the new key name from CyberArk.
  3. Click Rotate key.
    The IQ Bot retrieves the new key from the CyberArk vault and encrypts data with this new key. When the encryption process completes, a success message appears.
    If the encryption process is not successful, use the key rotation synchronizer to recover from the error.