SOLVED

Updating Expired Encryption Keys in AEP Data flows

Level 2

Hi Everyone,

The encryption keys in Adobe Experience Platform (AEP) have expired. We created new encryption keys with the same names as the expired ones and deleted the expired keys from AEP. Since then, our existing incremental data flows have started to fail.

The public key has been shared with the team responsible for posting encrypted source files to Azure. We create data flows via API using these Azure source files, specifying the encryption details through the publicKeyId.

We attempted to update the publicKeyId in the existing data flows using a PATCH request. Although the request returns a 200 OK response, the update does not appear to be applied correctly. When retrieving the dataflow details, both the old and new publicKeyId values are still visible.

Could you please advise on the correct method to update the publicKeyId in existing data flows? Is it necessary to recreate all data flows using the new publicKeyId?

Additionally, how long does it typically take for expired keys to be fully removed from the system?

Thank you for your assistance.

Level 7

Hi @AEPuser16 ,

You must update the entire source connection and dataflow as a unit. You cannot patch encryption-only settings. Adobe’s Flow Service API requires creating a new source connection and a new dataflow that reference the updated publicKeyId, then retiring the old ones.

Yes, it's necessary. Incremental flows using the old key need to be recreated with the new publicKeyId. As far as I am aware, based on the reference link below, you can't swap the key in an active flow via PATCH alone. Still, you can confirm with the Adobe Support team by raising a ticket.

Reference link for above: https://experienceleague.adobe.com/en/docs/experience-platform/sources/api-tutorials/update-dataflow...

AEP itself may purge expired key references within minutes to 24 hours in primary stores, and up to 7 days in transient stores.

Reference link for above: https://experienceleague.adobe.com/en/docs/experience-platform/landing/governance-privacy-security/c...

Thanks,

Ankit

Level 2

Hi @AnkitJasani29,

Thanks for the information. I just wanted to clarify — if encryption keys expire, does that mean we would need to create new data flows each time with a new encryption key? Since we manage multiple data flows, I’m a bit concerned this might lead to a growing number of redundant data flows over time. Or should I later disable and then delete the data flows that use the old encryption key? I’d appreciate any guidance on how to best handle this scenario.

Additionally, we’ve created the Adobe Managed Key via API. Does that mean we need to manually track the expiry date and create a new encryption key each time? Or is there a more efficient way to manage this?

Thanks,

Level 2

Hi @AnkitJasani29,

Since we created the data flows via API, we now need to update them with a new encryption key using a PATCH request, rather than creating new data flows each time. I performed a PATCH request to update the dataflow with the new encryption key, but it removed the existing mapping set. I then had to issue another PATCH request to reapply the mapping set, and everything is now working as expected.

Could you please confirm if this is the correct process? Any guidance on a more efficient or recommended approach would be greatly appreciated.

Thanks!

Correct answer by
Level 7

Hi @AEPuser16 ,

It seems the existing mapping set was removed, which was not expected. Ideally, PATCH the existing dataflow via the Flow Service API to update only the encryption key within the transformations block - without affecting the mappings, schedule, or other configurations.

I suggest confirming this with the support team as well, since based on https://experienceleague.adobe.com/en/docs/experience-platform/sources/api-tutorials/update-dataflow... the above behavior should not happen.

Thanks,

Ankit
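
The targeted update described in the answer above, as an added example that is not part of the original thread or Adobe's own code: it builds a JSON Patch that changes only the Encryption entry's publicKeyId and previews the result locally, so a dropped mapping or a stale key id is caught before the PATCH is sent. The dataflow layout (a transformations array with Mapping and Encryption entries), the patch path, every id and all helper names are assumptions to check against a real GET response and the Flow Service documentation.

```python
import copy

# Constructed sample of a GET dataflow response; the field layout is an assumption.
SAMPLE_FLOW = {
    "id": "FLOW_ID_PLACEHOLDER",
    "transformations": [
        {"name": "Mapping", "params": {"mappingId": "MAPPING_ID_PLACEHOLDER"}},
        {"name": "Encryption", "params": {"publicKeyId": "OLD_KEY_ID_PLACEHOLDER"}},
    ],
}

def build_key_patch(flow, new_key_id):
    """JSON Patch ops that change only the Encryption entry's publicKeyId."""
    hits = [i for i, t in enumerate(flow.get("transformations", []))
            if t.get("name") == "Encryption"]
    if len(hits) != 1:
        raise ValueError(f"expected one Encryption transformation, found {len(hits)}")
    path = f"/transformations/{hits[0]}/params/publicKeyId"
    return [{"op": "replace", "path": path, "value": new_key_id}]

def preview(flow, ops):
    """Apply 'replace' ops to a copy so the result can be checked before sending."""
    out = copy.deepcopy(flow)
    for op in ops:
        if op["op"] != "replace":
            raise ValueError("preview handles 'replace' only")
        *parents, leaf = op["path"].lstrip("/").split("/")
        node = out
        for part in parents:
            node = node[int(part)] if isinstance(node, list) else node[part]
        key = int(leaf) if isinstance(node, list) else leaf
        node[key]  # 'replace' requires the target to exist already
        node[key] = op["value"]
    return out

def lost_transformations(before, after):
    """Names of transformations present before the patch but missing after it."""
    kept = {t["name"] for t in after.get("transformations", [])}
    return [t["name"] for t in before["transformations"] if t["name"] not in kept]

def key_ids(flow):
    """Every publicKeyId left in the dataflow (a stale old id shows up here)."""
    return [t["params"]["publicKeyId"] for t in flow["transformations"]
            if "publicKeyId" in t.get("params", {})]

# A broad replace of the whole array, shown only for comparison.
BROAD_PATCH = [{"op": "replace", "path": "/transformations", "value": [
    {"name": "Encryption", "params": {"publicKeyId": "NEW_KEY_ID_PLACEHOLDER"}}]}]
```

Running `lost_transformations` on the preview of `BROAD_PATCH` reports the Mapping entry as dropped, while the targeted patch leaves it in place.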

Administrator

Hi @AEPuser16,

Since there hasn’t been any recent activity on this thread and as suggested by @AnkitJasani29, this use case should be addressed with the help of Adobe Support, so, we’ll be closing this question for now.
If you have any related questions or updates to share, please don’t hesitate to request to reopen this one or start a new thread. We’d be happy to take another look.
Thanks!



Sukrity Wadhwa