Cloud Integration – How to use PGP Keys Monitor
SAP Cloud Integration PGP Keys Monitor enables you to manage PGP keyrings (secring, pubring). First version of the PGP Keys Monitor was made available with the 2022-04-09 update.
With previous SAP Cloud Integration releases, the PGP Secret Keyring and PGP Public Keyring were managed in the Cloud Integration Monitor section under Manage Security using the Security Material tile. Here, you had the option to upload, download, and delete secret and public keyrings.
SAP Cloud Integration manages only a single secret and a single public keyring which include the corresponding secret and public keys.
PGP Public Keyring (pubring): This artifact contains the public keys that enables the tenant to encrypt or verify messages using the Pretty Good Privacy (PGP) standard.
PGP Secret Keyring (secring): This artifact contains the PGP secret keys (also referred to as private keys) for the usage of Open Pretty Good Privacy (PGP). The private key enables the tenant to decrypt or sign messages.
Please see SAP Help – How OpenPGP Works.
PGP Keys Monitor
Now, a new PGP Keys Monitor is available on your SAP Cloud Integration tenant. To access it, go to the Monitor section and under Manage Security select the PGP Keys tile:
Overview PGP Keys
The PGP Keys monitor allows you to manage the public and private PGP keys.
A list of public and secret PGP keys is displayed in a table. For each artifact, the following attributes are displayed:
|User ID||States the User ID of this PGP key.|
|Type||Indicates whether the entry is a public PGP or a secret PGP key.|
|Key ID||States the key ID.|
|Validity State||Indicates the validity state. The following states are possible:
|Valid Until||Indicates the expiration date.|
|Modified On||Indicates the date and time the entry was last modified.|
PGP Keys Monitor: Actions
- The scope of the first version of the PGP Key Monitor comprises the following features:
Uploading secret, public keyrings
Downloading secret, public keyrings
To upload public or secret keys, choose one of the following options:
- Add –> Public Keys
- Add –> Secret Keys
To download public or secret keys, choose one of the following options:
- Download –> Public Keys
- Download –> Secret Keys
The following table provides more information on these actions:
|Add public key or secret keys||To upload a secret or public and replace the existing previous secret or public keyring, choose Add|
|Download||To download an artifact, select the artifact in the table and choose Download Public Key or Secret Keys.|
To delete an artifact, go to Monitor –> Manage Security, select the SecurityMaterial tile, select the secret or public keyring in the table, and choose Delete.
See also: Managing Security Material
To protect the use of PGP Keys monitor, the following roles are available:
|Task||Role (Neo)||Role-Template (Cloud Foundry)|
|Add PGP keyring artifacts||NodeManager.deploysecuritycontent
|Undeploy PGP keyring artifacts||NodeManager.deploycontent
|Download PGP keyring artifacts||NodeManager.read
|Display PGP keyring artifacts||NodeManager.read||MonitoringDataRead|
Planned Iterations: PGP Key Monitor
- Upload/Download PGP Keyrings: Operation on entire keyrings (Available: 2022-04-09)
- Display Key details: Display secret, public key details
- Single Key Operations: Add, Download, Delete single secret, public keys
Availability of the single key operations would retire the Manage Security Material secret, public key display and delete functionality.
SAP Help: Managing PGP Keys
SAP Help: How OpenPGP Works
SAP Blog: Cloud Integration – Import and Export PGP Secret Key – Change PGP Secret Key Password