Key rotation

Protecting your integrations with third parties is paramount. As part of our ongoing efforts to uphold the highest standards of security, we emphasize the importance of rotating your DataDome keys. This documentation explains the practice of key rotation within our product and walks through each step. Rotating keys effectively strengthens your security posture, mitigates potential risks, and helps ensure the integrity of your integration with DataDome.

How to perform a key rotation

Step 1 - Identify the Key to Sunset

Navigate to the Integrations tab within the Management section. Ensure you have the Admin role for access. Locate the key you wish to sunset along with its type from the listing. There are currently four different types of keys eligible for rotation:

  • Server side key
  • Management API Key - Full Access
  • Management API Key - Read-only Access
  • Account Protect Key

Step 2 - Generate a New Key of the Same Type

Once you've identified the key's type, proceed to create a new key of the same type. Click on the “Generate New Key” button positioned at the top right corner, then select the appropriate key type. A pop-up window will prompt you to name the key.

Note that the key name is immutable after creation, so choose wisely.

Confirm the action by clicking on “Generate Key,” and the new key will appear in the listing.

Step 3 - Activate Your New Key

By default, a newly generated key is in “Deactivated” status, rejecting any traffic or calls.

Switch its status to “Activated” by clicking on the extra actions button at the end of the new key line, then select “Activate.”

Confirm the activation in the pop-up window by clicking on “Activate key.”

The key status will change to “Activated,” ready to accept traffic or calls.

Step 4 - Replace the Key in Your System

Replace the key you wish to sunset with the newly created one in your system.

Ensure that your system behaves as expected after the replacement to maintain service continuity.

Step 5 - Verify the Sunset Key Is No Longer in Use

After replacing the key, ensure it is no longer in use. Use the “Last usage” column, which displays the date and time of the key's last usage.

Step 6 - Deactivate the Sunset Key

If the “Last usage” aligns with the replacement performed in Step 4, proceed with deactivating the key.

Click on the extra actions button at the end of the sunset key's line, then select “Deactivate.”

Confirm the deactivation by clicking on “Deactivate key” in the pop-up window.

The key status will change to “Deactivated,” refusing all traffic or calls.

We recommend a 1-month observation period before deletion.

Step 7 - Delete the Sunset Key

Once you're certain it's safe to delete the key, return to the Integrations tab in the Management section.

Identify the key for deletion, click on the extra actions button at the end of the line, then select “Delete.”

Confirm the deletion by entering the key name and clicking on “Delete key” in the pop-up window.

Deleting a key is irreversible, so ensure your decision is final.

The key will no longer appear in the listing, signifying the completion of the key rotation process.

Congratulations on successfully rotating your key!
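
The checks behind Steps 4 to 7 can be scripted and run before each dashboard action. The following is an added example, not DataDome code: `find_stale_references` and `next_step` are hypothetical helpers, the “Last usage” value is read from the dashboard by hand, and the 1-month observation period is assumed to be 30 days.

```python
import os
from datetime import datetime, timedelta, timezone

OBSERVATION = timedelta(days=30)  # assumption: the 1-month observation period as 30 days


def find_stale_references(root, sunset_key):
    """Step 4 check: files under `root` that still contain the sunset key (bytes),
    plus any file that could not be read."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    if sunset_key in fh.read():
                        hits.append(path)
            except OSError:
                hits.append(path)  # unreadable: report it rather than assume it is clean
    return sorted(hits)


def next_step(last_usage, replaced_at, deactivated_at, now, stale_files):
    """Return the next action allowed for the sunset key.

    last_usage: value read from the "Last usage" column (None if never used).
    replaced_at: when the Step 4 replacement finished rolling out.
    deactivated_at: when Step 6 was done, or None if the key is still activated.
    """
    if stale_files:
        return "replace"       # Step 4 is incomplete
    if last_usage is not None and last_usage > replaced_at:
        return "investigate"   # Step 5: something still calls with the old key
    if deactivated_at is None:
        return "deactivate"    # Step 6
    if now - deactivated_at < OBSERVATION:
        return "observe"       # still inside the observation period
    return "delete"            # Step 7


if __name__ == "__main__":
    # Constructed sample timestamps, not real dashboard values.
    utc = timezone.utc
    replaced = datetime(2024, 5, 2, 10, 0, tzinfo=utc)
    print(next_step(datetime(2024, 5, 2, 9, 58, tzinfo=utc), replaced, None,
                    datetime(2024, 5, 3, tzinfo=utc), []))
```

Pass the sunset key to `find_stale_references` from an environment variable or secret store rather than hard-coding it in the script.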