Add public keys to a key collection

You can upload one or two public keys in PEM format to an empty key collection. Doing so creates the first version of the key collection. After you upload public keys to a key collection, you can update it only by creating another version or cloning an existing version of the collection.

  1. In Token Access Control, click Manage next to an appropriate key collection.

  2. In the key collection name window:

    • If you're uploading public keys to an empty key collection, click Upload your first keys.

    • If you're uploading public keys to update a collection version, click New version.

  3. In the Create new version window:

    a. In Description, enter a meaningful description of the key collection version.

    b. In Primary Key, upload the primary RSA or ECDSA public key for JWT signature verification.

    c. Optional: In Secondary Key, upload the backup RSA or ECDSA public key that you want to use to verify the JWT signature in case the primary key fails.

    See Key rotation.

    d. Click Create.

    The collection version appears in the list of all the collection's versions. The system assigns the highest number to the new collection version.
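A pre-upload check for the primary and secondary key files, added here as an example and not part of the product: it confirms that a file holds exactly one public key, contains no private key material, and is RSA or EC. It assumes the key is in SubjectPublicKeyInfo form (`BEGIN PUBLIC KEY`); the function names and the sample key are constructed for illustration.

```python
import base64
import re

# DER-encoded algorithm OIDs as they appear inside SubjectPublicKeyInfo.
OID_RSA = bytes.fromhex("06092a864886f70d010101")  # rsaEncryption
OID_EC = bytes.fromhex("06072a8648ce3d0201")       # id-ecPublicKey
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def der_sequence_length(der):
    """Total encoded length of the outer DER SEQUENCE (header + content)."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    if der[1] < 0x80:                      # short-form length
        return 2 + der[1]
    n = der[1] & 0x7F                      # long form: n length bytes follow
    if n not in (1, 2) or len(der) < 2 + n:
        raise ValueError("unsupported or truncated DER length")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_public_key_pem(text):
    """Return 'RSA' or 'EC' for a file holding one public key; else ValueError."""
    blocks = PEM_BLOCK.findall(text)
    if any("PRIVATE KEY" in label for label, _ in blocks):
        raise ValueError("file contains a private key; do not upload it")
    if len(blocks) != 1:
        raise ValueError(f"expected one PEM block, found {len(blocks)}")
    label, body = blocks[0]
    if label != "PUBLIC KEY":              # assumption: SPKI form only
        raise ValueError(f"unexpected PEM label: {label!r}")
    der = base64.b64decode("".join(body.split()), validate=True)
    if der_sequence_length(der) != len(der):
        raise ValueError("key is truncated or has trailing bytes")
    head = der[:24]                        # AlgorithmIdentifier sits at the start
    if OID_RSA in head:
        return "RSA"
    if OID_EC in head:
        return "EC"
    raise ValueError("key is neither RSA nor EC")

def make_pem(label, der):
    """Wrap DER bytes in PEM armor (used for the constructed sample below)."""
    b64 = base64.encodebytes(der).decode()
    return f"-----BEGIN {label}-----\n{b64}-----END {label}-----\n"

# Constructed sample: P-256 SPKI header with an all-zero placeholder point
# (right shape and length, not a usable key).
SAMPLE_EC_PEM = make_pem("PUBLIC KEY", bytes.fromhex(
    "3059301306072a8648ce3d020106082a8648ce3d030107034200") + b"\x04" + bytes(64))
```

Run `check_public_key_pem` on the contents of each file before uploading it; a `ValueError` names the reason the file should not be uploaded as is.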