1. Field of the Invention
The present invention relates to a method, system, and article of manufacture for maintaining keys removed from a keystore in an inactive key repository.
2. Description of the Related Art
Data stored on removable tape cartridges may be encrypted by an encryption engine to protect the data. Data encryption is especially useful for businesses that store personal data about their customers. Recent government regulations place requirements and legal obligations on companies storing personal data to report missing data or to prevent the data from being stolen.
One concern with encrypting data on a tape cartridge is maintaining and managing copies of the encryption keys for numerous tape cartridges, each of which may be encrypted with a different encryption key. In the current art, a key manager in communication with the tape drive may manage keys in a keystore, comprising a database or other data structure that associates each encryption key with the tape drives that use it to encrypt data and/or with the storage cartridges whose data was encrypted with it.
Keys may be expired or removed from the keystore. As part of a security policy, an expired key may be replaced with a new key that is then used to encrypt and decrypt. Once a key is expired or removed from the keystore, that key is no longer available to be used to encrypt or decrypt data. Data on tape cartridges that remains encrypted with the expired or deleted key therefore cannot be recovered from those cartridges.
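The following is an added example, not code from the patent, that models the keystore and the failure mode described above: a key manager maps key identifiers to keys and records which key each cartridge was encrypted with; once a key is deleted outright, the cartridge it protected can no longer be decrypted, whereas a key retired into a separate inactive key repository remains available for decryption only. The class and function names, the HMAC-SHA256 counter-mode keystream standing in for the tape drive's encryption engine, and the sample cartridge contents are all assumptions made for illustration.

```python
"""Added example (not from the patent): a minimal key manager with a keystore
for active keys, an inactive key repository for retired keys, and a cartridge
table recording which key encrypted each cartridge. All names are assumptions."""
import hashlib
import hmac
import os


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in for the tape drive's encryption engine (assumption, not the
    patent's cipher): HMAC-SHA256 over nonce||counter used as a keystream.
    Encryption and decryption are the same operation."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hmac.new(key, nonce + (offset // 32).to_bytes(8, "big"),
                         hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


class KeyManager:
    def __init__(self) -> None:
        self.keystore: dict[str, bytes] = {}    # active keys: encrypt + decrypt
        self.inactive: dict[str, bytes] = {}    # retired keys: decrypt only
        self.cartridges: dict[str, str] = {}    # cartridge_id -> key_id used

    def create_key(self, key_id: str) -> None:
        self.keystore[key_id] = os.urandom(32)

    def expire_key(self, key_id: str, retain: bool) -> None:
        """Remove a key from the keystore. With retain=False the key is gone
        for good (current art); with retain=True it moves to the inactive
        repository so already-written cartridges stay recoverable."""
        key = self.keystore.pop(key_id)
        if retain:
            self.inactive[key_id] = key

    def encrypt_cartridge(self, cartridge_id: str, key_id: str,
                          plaintext: bytes) -> bytes:
        key = self.keystore[key_id]          # only active keys may encrypt
        nonce = os.urandom(16)
        self.cartridges[cartridge_id] = key_id
        return nonce + _keystream_xor(key, nonce, plaintext)

    def decrypt_cartridge(self, cartridge_id: str, blob: bytes) -> bytes:
        key_id = self.cartridges[cartridge_id]
        key = self.keystore.get(key_id) or self.inactive.get(key_id)
        if key is None:
            raise KeyError(f"key {key_id} for {cartridge_id} is unavailable")
        nonce, ciphertext = blob[:16], blob[16:]
        return _keystream_xor(key, nonce, ciphertext)


def demo() -> dict:
    """Two cartridges, two keys (constructed sample data). One key is deleted
    outright, the other is retired into the inactive repository."""
    km = KeyManager()
    km.create_key("k-2007")
    km.create_key("k-2008")
    c1 = km.encrypt_cartridge("TAPE001", "k-2007", b"customer records, batch 1")
    c2 = km.encrypt_cartridge("TAPE002", "k-2008", b"customer records, batch 2")

    km.expire_key("k-2007", retain=False)    # current art: key simply removed
    km.expire_key("k-2008", retain=True)     # retired into inactive repository

    results = {}
    try:
        km.decrypt_cartridge("TAPE001", c1)
        results["TAPE001"] = "recovered"
    except KeyError:
        results["TAPE001"] = "unrecoverable"   # data lost with the deleted key
    results["TAPE002"] = km.decrypt_cartridge("TAPE002", c2)

    # A retired key must not be usable to encrypt new cartridges.
    try:
        km.encrypt_cartridge("TAPE003", "k-2008", b"new data")
        results["encrypt_with_retired"] = "allowed"
    except KeyError:
        results["encrypt_with_retired"] = "refused"
    return results


if __name__ == "__main__":
    print(demo())
```

The point of separating the two repositories is that the security policy which retires a key from the keystore can still be enforced for new writes, while the key remains reachable for reading the cartridges that already depend on it.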
There is a need in the art for improved techniques for managing expired and active encryption keys for removable storage media, such as tape cartridges.