Remove Keys Automatically from Your Key Repository

Deactivating Keys › TBEKMUTL Utility › Remove Keys Automatically from Your Key Repository

Remove Keys Automatically from Your Key Repository

You can configure CA Tape Encryption to remove keys automatically from your key repository. To take advantage of the automatic key removal capability, you must use the AutomaticallyRemoveKeys attribute in parmlib, schedule a job to create an extract file of keys in use, and schedule the TBEKMUTL utility to run regularly.

To remove keys automatically

Specify the following attribute in parmlib:
```
AutomaticallyRemoveKeys=Y
```
This specifies that automatic key removal is in effect.
Schedule a job to run using one of the following procedures:
- Run BESKMNT1 if your site uses CA 1.
- Run BESKMNTT if your site uses CA TLMS.
- Run BESKMNTR if your site uses DFSMSrmm.
The job creates an extract file of information about the status of keys, which is passed to a second step as input for running the TBEKMUTL utility. This second step marks keys as available for deletion and moves the keys to the deletion queue. After 90 days, the keys are deleted.

Important! CA does not support sharing the BES database across systems that do not share the same tape catalog.

Tell Technical Publications how we can improve this information