Migrate to a KMS
This section outlines the steps required to migrate from a running non-KMS participant to one that is KMS-enabled, as well as the interoperability between nodes that use KMS and those that do not. The migration procedure depends on the selected mode of operation:
Migrate to encrypted private key storage with a Key Management Service (KMS)
This process requires configuring the node to use a symmetric wrapper key. Migration is done automatically after this configuration step.
Migrate to external key storage with a Key Management Service (KMS)
This approach involves creating a new KMS-enabled Participant and transferring all data (e.g., contracts) to it from the existing non-KMS Participant node. The process must be performed manually by each operator using the provided scripts and functions.
It offers a clean and self-contained transition but requires a namespace change and coordination with all affected Participant node operators.