CPC H04L 63/068 (2013.01); 18 Claims
1. A computer-implemented method comprising:
determining, by one or more processors, to perform a key rotation;
in response to the determination, identifying, by the one or more processors, key pairs associated with a plurality of cloud resources, wherein each key pair of the identified key pairs (1) comprises a first key and a second key and (2) is usable by a cloud service of a plurality of cloud services to access a cloud resource, among the plurality of cloud resources, associated with the key pair, and further wherein the plurality of cloud resources each comprise one of applications, programs, or services;
from among the identified key pairs, determining, by the one or more processors, a first subset of key pairs where the first key of each key pair of the first subset of key pairs was provided to any cloud service of the plurality of cloud services and the second key of each key pair of the first subset of key pairs was not provided to any cloud service of the plurality of cloud services; and
for each key pair of the determined first subset of key pairs:
generating, by the one or more processors, a new key;
replacing, by the one or more processors, the second key in the key pair with the new key;
updating, by the one or more processors, the second key in a key vault; and
recording, by the one or more processors, the updated second key.
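The selection and rotation steps of claim 1 as a runnable model (added illustration, not code from the patent): a key pair is rotatable only when its first key has been handed to at least one cloud service and its second key to none, so replacing the unused second key cannot break any service's current access. The `KeyPair`, `KeyVault` and `sample_pairs` names and the in-memory vault are constructed assumptions standing in for a real vault API.

```python
from dataclasses import dataclass, field
import secrets


@dataclass
class KeyPair:
    """Two-key credential for one cloud resource (constructed model)."""
    resource: str
    first_key: str
    second_key: str
    # cloud services each key has been provided to (claim's "provided to")
    first_provided_to: set = field(default_factory=set)
    second_provided_to: set = field(default_factory=set)


class KeyVault:
    """In-memory stand-in for a key vault plus the claim's record of updates."""
    def __init__(self):
        self.store = {}   # resource -> current second key
        self.audit = []   # (resource, updated second key) records

    def update_second_key(self, resource, key):
        self.store[resource] = key

    def record(self, resource, key):
        self.audit.append((resource, key))


def select_first_subset(pairs):
    """First key given to some service, second key given to none."""
    return [p for p in pairs if p.first_provided_to and not p.second_provided_to]


def rotate(pairs, vault, keygen=lambda: secrets.token_hex(16)):
    """Generate, replace, update the vault and record, per rotatable pair."""
    rotated = []
    for p in select_first_subset(pairs):
        new_key = keygen()
        p.second_key = new_key
        vault.update_second_key(p.resource, new_key)
        vault.record(p.resource, new_key)
        rotated.append(p.resource)
    return rotated


def sample_pairs():
    """Constructed sample: only storage-a meets the first-subset condition."""
    return [
        KeyPair("storage-a", "a1-old", "a2-old", {"svc-web"}, set()),
        KeyPair("db-b", "b1-old", "b2-old", {"svc-web"}, {"svc-batch"}),
        KeyPair("queue-c", "c1-old", "c2-old", set(), set()),
    ]
```

The pair whose keys are both in use (`db-b`) and the pair never handed out (`queue-c`) are left alone; a rotation of the first key would follow the same pattern once services have been moved onto the fresh second key.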