<?xml version="1.0" encoding="UTF-8" ?>
<?xml-stylesheet type="text/xsl" href="https://community.appian.com/cfs-file/__key/system/syndication/rss.xsl" media="screen"?><rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/"><channel><title>KB-2390 License Signing Key Rotation for Kubernetes Native Appian</title><link>https://community.appian.com/support/w/kb/3828/kb-2390-license-signing-key-rotation-for-kubernetes-native-appian</link><description /><dc:language>en-US</dc:language><generator>Telligent Community 12</generator><item><title>KB-2390 License Signing Key Rotation for Kubernetes Native Appian</title><link>https://community.appian.com/support/w/kb/3828/kb-2390-license-signing-key-rotation-for-kubernetes-native-appian</link><pubDate>Thu, 16 Jul 2026 16:21:08 GMT</pubDate><guid isPermaLink="false">d3a83456-d57b-489c-a84c-4e8267bb592a:d6c6ad81-4956-466e-9470-6ce945eed53b</guid><dc:creator>pauline.delacruz</dc:creator><comments>https://community.appian.com/support/w/kb/3828/kb-2390-license-signing-key-rotation-for-kubernetes-native-appian#comments</comments><description>Current Revision posted to Appian Knowledge Base by pauline.delacruz on 7/16/2026 4:21:08 PM&lt;br /&gt;
&lt;h2 id="mcetoc_1jtlrk63e0"&gt;&lt;span&gt;Overview:&amp;nbsp;&lt;/span&gt;&lt;/h2&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;For security reasons, the Kubernetes Native Appian license signing key is rotated approximately every two years.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;The license &lt;strong&gt;appian.lic&lt;/strong&gt; is digitally signed using a private signing key, while the Appian Operator contains the corresponding public key used to validate those licenses. When the signing key is rotated, the Appian Operator must contain the updated public key to validate licenses signed with the new private key.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;As a result, customers must upgrade their Appian Operator before requesting a new license generated after a signing key rotation.&lt;/span&gt;&lt;/p&gt;
&lt;h2 id="mcetoc_1jtlrk63e1"&gt;&lt;span&gt;Customer Impact:&amp;nbsp;&lt;/span&gt;&lt;/h2&gt;
&lt;ol&gt;
&lt;li&gt;&lt;span style="font-weight:400;"&gt;Customers running old Appian Operator versions should upgrade their operator before requesting a new license after the signing key rotation. If a customer requests a new license without first upgrading the operator, the new license will fail validation with the following error for the Appian Operator:&lt;br /&gt;&lt;/span&gt;
&lt;pre&gt;&lt;span style="font-weight:400;"&gt;Failed to verify signature #l with key &amp;hellip;&lt;/span&gt;&lt;/pre&gt;
&lt;/li&gt;
&lt;li&gt;&lt;span style="font-weight:400;"&gt;Customers can safely upgrade their Appian Operator before requesting a new license, even if they are still using an existing license signed with the previous key.&lt;/span&gt;&lt;/li&gt;
&lt;li&gt;&lt;span style="font-weight:400;"&gt;If a customer has an internal change management or security processes that require validating new container images before deploying them, we recommend validating and approving the latest Appian Operator in advance. Always remember to deploy the latest operator before deploying a new &lt;strong&gt;appian.lic&lt;/strong&gt; as this helps avoid delays caused by requesting a license that cannot be validated by an older operator.&lt;/span&gt;&lt;span style="font-weight:400;"&gt;&lt;/span&gt;&lt;/li&gt;
&lt;/ol&gt;
&lt;h2 id="mcetoc_1jtlrk63e2"&gt;&lt;span&gt;Rotation Schedule:&amp;nbsp;&lt;/span&gt;&lt;/h2&gt;
&lt;table&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td style="width:100px;"&gt;&lt;b&gt;Date&lt;/b&gt;&lt;/td&gt;
&lt;td style="width:150px;"&gt;&lt;b&gt;Operator Version&lt;/b&gt;&lt;/td&gt;
&lt;td&gt;&lt;b&gt;Details&lt;/b&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td style="width:100px;"&gt;&lt;span style="font-size:inherit;"&gt;August 2024&lt;/span&gt;&lt;/td&gt;
&lt;td style="width:150px;"&gt;&lt;span style="font-size:inherit;"&gt;v0.161.0&lt;/span&gt;&lt;/td&gt;
&lt;td&gt;
&lt;ul&gt;
&lt;li style="font-weight:400;"&gt;&lt;span style="font-size:inherit;font-weight:400;"&gt;&amp;nbsp;The previous license signing key rotation occurred.&lt;/span&gt;&lt;/li&gt;
&lt;/ul&gt;
&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td style="width:100px;"&gt;&lt;span style="font-size:inherit;"&gt;July 2026&lt;/span&gt;&lt;/td&gt;
&lt;td style="width:150px;"&gt;&lt;span style="font-size:inherit;"&gt;v0.205.0&lt;/span&gt;&lt;/td&gt;
&lt;td&gt;
&lt;ul&gt;
&lt;li style="font-weight:400;"&gt;&lt;span style="font-size:inherit;font-weight:400;"&gt;The next license signing key rotation will take place.&lt;/span&gt;&lt;/li&gt;
&lt;li style="font-weight:400;"&gt;&lt;span style="font-size:inherit;font-weight:400;"&gt;Operator v0.205.0 introduces the new public key required to validate licenses signed after the 2026 rotation.&lt;/span&gt;&lt;/li&gt;
&lt;/ul&gt;
&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;
&lt;ul&gt;
&lt;li style="font-weight:400;"&gt;&lt;b&gt;After the rotation:&lt;/b&gt;&lt;span style="font-weight:400;"&gt; Customers requesting a newly generated license must be running Appian Operator v0.205.0 or later. Older operator versions will not recognize licenses signed with the new key.&lt;/span&gt;&lt;/li&gt;
&lt;li style="font-weight:400;"&gt;&lt;b&gt;Until the next signing key rotation:&lt;/b&gt;&lt;span style="font-weight:400;"&gt; Appian Operator v0.205.0 and later will continue to validate licenses signed with the current signing key.&lt;/span&gt;&lt;/li&gt;
&lt;/ul&gt;
&lt;h2 id="mcetoc_1jtlrk63e3"&gt;&lt;span&gt;FAQ:&amp;nbsp;&lt;/span&gt;&lt;/h2&gt;
&lt;ul&gt;
&lt;li&gt;&lt;a href="#why-is-the-signing-key-rotated"&gt;Why is the signing key rotated?&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="#existing-license-after-rotation"&gt;Do existing licenses stop working after the rotation?&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="#upgrade-operator-before-new-license"&gt;Can customers upgrade the Appian Operator before requesting a new license?&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;&lt;strong&gt;&lt;a id="why-is-the-signing-key-rotated"&gt;&lt;/a&gt;Why is the signing key rotated?&lt;/strong&gt;&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;Rotating signing keys is a standard security practice that helps maintain the integrity and security of digitally signed licenses.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;&lt;strong&gt;&lt;a id="existing-license-after-rotation"&gt;&lt;/a&gt;Do existing licenses stop working after the rotation?&lt;/strong&gt;&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;No. Existing licenses continue to function as normal. The change only affects newly generated licenses signed with the new signing key.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;&lt;strong&gt;&lt;a id="upgrade-operator-before-new-license"&gt;&lt;/a&gt;Can customers upgrade the Appian Operator before requesting a new license?&lt;/strong&gt;&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;Yes. This is the recommended approach. The latest operator trusts both the previous and current signing keys, allowing it to validate both existing licenses and newly generated licenses. Older Appian Operator versions trust only the previous signing key and cannot validate licenses generated after the signing key rotation.&lt;/span&gt;&lt;/p&gt;
&lt;h2 id="mcetoc_1jtlrk63e4"&gt;&lt;span&gt;Affected Versions&lt;/span&gt;&lt;/h2&gt;
&lt;p&gt;&lt;span&gt;This article applies to all supported versions of Appian on Kubernetes.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span&gt;Last reviewed:&amp;nbsp;July&lt;/span&gt;&lt;span&gt;&amp;nbsp;2026&lt;/span&gt;&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;

&lt;div style="font-size: 90%;"&gt;Tags: infrastructure, Kubernetes&lt;/div&gt;
</description></item><item><title>KB-2390 License Signing Key Rotation for Kubernetes Native Appian</title><link>https://community.appian.com/support/w/kb/3828/kb-2390-license-signing-key-rotation-for-kubernetes-native-appian/revision/8</link><pubDate>Thu, 16 Jul 2026 16:16:17 GMT</pubDate><guid isPermaLink="false">d3a83456-d57b-489c-a84c-4e8267bb592a:d6c6ad81-4956-466e-9470-6ce945eed53b</guid><dc:creator>pauline.delacruz</dc:creator><comments>https://community.appian.com/support/w/kb/3828/kb-2390-license-signing-key-rotation-for-kubernetes-native-appian#comments</comments><description>Revision 8 posted to Appian Knowledge Base by pauline.delacruz on 7/16/2026 4:16:17 PM&lt;br /&gt;
&lt;h2&gt;&lt;span&gt;Overview:&amp;nbsp;&lt;/span&gt;&lt;/h2&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;For security reasons, the Kubernetes Native Appian license signing key is rotated approximately every two years.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;The license &lt;strong&gt;appian.lic&lt;/strong&gt; is digitally signed using a private signing key, while the Appian Operator contains the corresponding public key used to validate those licenses. When the signing key is rotated, the Appian Operator must contain the updated public key to validate licenses signed with the new private key.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;As a result, customers must upgrade their Appian Operator before requesting a new license generated after a signing key rotation.&lt;/span&gt;&lt;/p&gt;
&lt;h2&gt;&lt;span&gt;Customer Impact:&amp;nbsp;&lt;/span&gt;&lt;/h2&gt;
&lt;ol&gt;
&lt;li&gt;&lt;span style="font-weight:400;"&gt;Customers running old Appian Operator versions should upgrade their operator before requesting a new license after the signing key rotation. If a customer requests a new license without first upgrading the operator, the new license will fail validation with the following error for the Appian Operator:&lt;br /&gt;&lt;/span&gt;
&lt;pre&gt;&lt;span style="font-weight:400;"&gt;Failed to verify signature #l with key &amp;hellip;&lt;/span&gt;&lt;/pre&gt;
&lt;/li&gt;
&lt;li&gt;&lt;span style="font-weight:400;"&gt;Customers can safely upgrade their Appian Operator before requesting a new license, even if they are still using an existing license signed with the previous key.&lt;/span&gt;&lt;/li&gt;
&lt;li&gt;&lt;span style="font-weight:400;"&gt;If a customer has an internal change management or security processes that require validating new container images before deploying them, we recommend validating and approving the latest Appian Operator in advance. Always remember to deploy the latest operator before deploying a new &lt;strong&gt;appian.lic&lt;/strong&gt; as this helps avoid delays caused by requesting a license that cannot be validated by an older operator.&lt;/span&gt;&lt;span style="font-weight:400;"&gt;&lt;/span&gt;&lt;/li&gt;
&lt;/ol&gt;
&lt;h2&gt;&lt;span&gt;Rotation Schedule:&amp;nbsp;&lt;/span&gt;&lt;/h2&gt;
&lt;table&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td style="width:100px;"&gt;&lt;b&gt;Date&lt;/b&gt;&lt;/td&gt;
&lt;td style="width:150px;"&gt;&lt;b&gt;Operator Version&lt;/b&gt;&lt;/td&gt;
&lt;td&gt;&lt;b&gt;Details&lt;/b&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td style="width:100px;"&gt;&lt;span style="font-size:inherit;"&gt;August 2024&lt;/span&gt;&lt;/td&gt;
&lt;td style="width:150px;"&gt;&lt;span style="font-size:inherit;"&gt;v0.161.0&lt;/span&gt;&lt;/td&gt;
&lt;td&gt;
&lt;ul&gt;
&lt;li style="font-weight:400;"&gt;&lt;span style="font-size:inherit;font-weight:400;"&gt;&amp;nbsp;The previous license signing key rotation occurred.&lt;/span&gt;&lt;/li&gt;
&lt;/ul&gt;
&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td style="width:100px;"&gt;&lt;span style="font-size:inherit;"&gt;July 2026&lt;/span&gt;&lt;/td&gt;
&lt;td style="width:150px;"&gt;&lt;span style="font-size:inherit;"&gt;v0.205.0&lt;/span&gt;&lt;/td&gt;
&lt;td&gt;
&lt;ul&gt;
&lt;li style="font-weight:400;"&gt;&lt;span style="font-size:inherit;font-weight:400;"&gt;The next license signing key rotation will take place.&lt;/span&gt;&lt;/li&gt;
&lt;li style="font-weight:400;"&gt;&lt;span style="font-size:inherit;font-weight:400;"&gt;Operator v0.205.0 introduces the new public key required to validate licenses signed after the 2026 rotation.&lt;/span&gt;&lt;/li&gt;
&lt;/ul&gt;
&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;
&lt;ul&gt;
&lt;li style="font-weight:400;"&gt;&lt;b&gt;After the rotation:&lt;/b&gt;&lt;span style="font-weight:400;"&gt; Customers requesting a newly generated license must be running Appian Operator v0.205.0 or later. Older operator versions will not recognize licenses signed with the new key.&lt;/span&gt;&lt;/li&gt;
&lt;li style="font-weight:400;"&gt;&lt;b&gt;Until the next signing key rotation:&lt;/b&gt;&lt;span style="font-weight:400;"&gt; Appian Operator v0.205.0 and later will continue to validate licenses signed with the current signing key.&lt;/span&gt;&lt;/li&gt;
&lt;/ul&gt;
&lt;h2&gt;&lt;span&gt;FAQ:&amp;nbsp;&lt;/span&gt;&lt;/h2&gt;
&lt;h3&gt;&lt;b&gt;Why is the signing key rotated?&lt;/b&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;Rotating signing keys is a standard security practice that helps maintain the integrity and security of digitally signed licenses.&lt;/span&gt;&lt;/p&gt;
&lt;h3&gt;&lt;b&gt;Do existing licenses stop working after the rotation?&lt;/b&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;No. Existing licenses continue to function as normal. The change only affects newly generated licenses signed with the new signing key.&lt;/span&gt;&lt;/p&gt;
&lt;h3&gt;&lt;b&gt;Can customers upgrade the Appian Operator before requesting a new license?&lt;/b&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;Yes. This is the recommended approach. The latest operator trusts both the previous and current signing keys, allowing it to validate both existing licenses and newly generated licenses. Older Appian Operator versions trust only the previous signing key and cannot validate licenses generated after the signing key rotation.&lt;/span&gt;&lt;/p&gt;
&lt;h2&gt;&lt;span&gt;Affected Versions&lt;/span&gt;&lt;/h2&gt;
&lt;p&gt;&lt;span&gt;This article applies to all supported versions of Appian on Kubernetes.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span&gt;Last reviewed:&amp;nbsp;July&lt;/span&gt;&lt;span&gt;&amp;nbsp;2026&lt;/span&gt;&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;

&lt;div style="font-size: 90%;"&gt;Tags: infrastructure, Kubernetes&lt;/div&gt;
</description></item><item><title>KB-2390 License Signing Key Rotation for Kubernetes Native Appian</title><link>https://community.appian.com/support/w/kb/3828/kb-2390-license-signing-key-rotation-for-kubernetes-native-appian/revision/7</link><pubDate>Thu, 16 Jul 2026 16:16:02 GMT</pubDate><guid isPermaLink="false">d3a83456-d57b-489c-a84c-4e8267bb592a:d6c6ad81-4956-466e-9470-6ce945eed53b</guid><dc:creator>pauline.delacruz</dc:creator><comments>https://community.appian.com/support/w/kb/3828/kb-2390-license-signing-key-rotation-for-kubernetes-native-appian#comments</comments><description>Revision 7 posted to Appian Knowledge Base by pauline.delacruz on 7/16/2026 4:16:02 PM&lt;br /&gt;
&lt;h2&gt;&lt;span&gt;Overview:&amp;nbsp;&lt;/span&gt;&lt;/h2&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;For security reasons, the Kubernetes Native Appian license signing key is rotated approximately every two years.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;The license &lt;strong&gt;appian.lic&lt;/strong&gt; is digitally signed using a private signing key, while the Appian Operator contains the corresponding public key used to validate those licenses. When the signing key is rotated, the Appian Operator must contain the updated public key to validate licenses signed with the new private key.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;As a result, customers must upgrade their Appian Operator before requesting a new license generated after a signing key rotation.&lt;/span&gt;&lt;/p&gt;
&lt;h2&gt;&lt;span&gt;Customer Impact:&amp;nbsp;&lt;/span&gt;&lt;/h2&gt;
&lt;ol&gt;
&lt;li&gt;&lt;span style="font-weight:400;"&gt;Customers running old Appian Operator versions should upgrade their operator before requesting a new license after the signing key rotation. If a customer requests a new license without first upgrading the operator, the new license will fail validation with the following error for the Appian Operator:&lt;br /&gt;&lt;/span&gt;
&lt;pre&gt;&lt;span style="font-weight:400;"&gt;Failed to verify signature #l with key &amp;hellip;&lt;/span&gt;&lt;/pre&gt;
&lt;/li&gt;
&lt;li&gt;&lt;span style="font-weight:400;"&gt;Customers can safely upgrade their Appian Operator before requesting a new license, even if they are still using an existing license signed with the previous key.&lt;/span&gt;&lt;/li&gt;
&lt;li&gt;&lt;span style="font-weight:400;"&gt;If a customer has an internal change management or security processes that require validating new container images before deploying them, we recommend validating and approving the latest Appian Operator in advance. Always remember to deploy the latest operator before deploying a new &lt;strong&gt;appian.lic&lt;/strong&gt; as this helps avoid delays caused by requesting a license that cannot be validated by an older operator.&lt;/span&gt;&lt;span style="font-weight:400;"&gt;&lt;/span&gt;&lt;/li&gt;
&lt;/ol&gt;
&lt;h2&gt;&lt;span&gt;Rotation Schedule:&amp;nbsp;&lt;/span&gt;&lt;/h2&gt;
&lt;table&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td style="width:100px;"&gt;&lt;b&gt;Date&lt;/b&gt;&lt;/td&gt;
&lt;td style="width:125px;"&gt;&lt;b&gt;Operator Version&lt;/b&gt;&lt;/td&gt;
&lt;td&gt;&lt;b&gt;Details&lt;/b&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td style="width:100px;"&gt;&lt;span style="font-size:inherit;"&gt;August 2024&lt;/span&gt;&lt;/td&gt;
&lt;td style="width:125px;"&gt;&lt;span style="font-size:inherit;"&gt;v0.161.0&lt;/span&gt;&lt;/td&gt;
&lt;td&gt;
&lt;ul&gt;
&lt;li style="font-weight:400;"&gt;&lt;span style="font-size:inherit;font-weight:400;"&gt;&amp;nbsp;The previous license signing key rotation occurred.&lt;/span&gt;&lt;/li&gt;
&lt;/ul&gt;
&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td style="width:100px;"&gt;&lt;span style="font-size:inherit;"&gt;July 2026&lt;/span&gt;&lt;/td&gt;
&lt;td style="width:125px;"&gt;&lt;span style="font-size:inherit;"&gt;v0.205.0&lt;/span&gt;&lt;/td&gt;
&lt;td&gt;
&lt;ul&gt;
&lt;li style="font-weight:400;"&gt;&lt;span style="font-size:inherit;font-weight:400;"&gt;The next license signing key rotation will take place.&lt;/span&gt;&lt;/li&gt;
&lt;li style="font-weight:400;"&gt;&lt;span style="font-size:inherit;font-weight:400;"&gt;Operator v0.205.0 introduces the new public key required to validate licenses signed after the 2026 rotation.&lt;/span&gt;&lt;/li&gt;
&lt;/ul&gt;
&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;
&lt;ul&gt;
&lt;li style="font-weight:400;"&gt;&lt;b&gt;After the rotation:&lt;/b&gt;&lt;span style="font-weight:400;"&gt; Customers requesting a newly generated license must be running Appian Operator v0.205.0 or later. Older operator versions will not recognize licenses signed with the new key.&lt;/span&gt;&lt;/li&gt;
&lt;li style="font-weight:400;"&gt;&lt;b&gt;Until the next signing key rotation:&lt;/b&gt;&lt;span style="font-weight:400;"&gt; Appian Operator v0.205.0 and later will continue to validate licenses signed with the current signing key.&lt;/span&gt;&lt;/li&gt;
&lt;/ul&gt;
&lt;h2&gt;&lt;span&gt;FAQ:&amp;nbsp;&lt;/span&gt;&lt;/h2&gt;
&lt;h3&gt;&lt;b&gt;Why is the signing key rotated?&lt;/b&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;Rotating signing keys is a standard security practice that helps maintain the integrity and security of digitally signed licenses.&lt;/span&gt;&lt;/p&gt;
&lt;h3&gt;&lt;b&gt;Do existing licenses stop working after the rotation?&lt;/b&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;No. Existing licenses continue to function as normal. The change only affects newly generated licenses signed with the new signing key.&lt;/span&gt;&lt;/p&gt;
&lt;h3&gt;&lt;b&gt;Can customers upgrade the Appian Operator before requesting a new license?&lt;/b&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;Yes. This is the recommended approach. The latest operator trusts both the previous and current signing keys, allowing it to validate both existing licenses and newly generated licenses. Older Appian Operator versions trust only the previous signing key and cannot validate licenses generated after the signing key rotation.&lt;/span&gt;&lt;/p&gt;
&lt;h2&gt;&lt;span&gt;Affected Versions&lt;/span&gt;&lt;/h2&gt;
&lt;p&gt;&lt;span&gt;This article applies to all supported versions of Appian on Kubernetes.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span&gt;Last reviewed:&amp;nbsp;July&lt;/span&gt;&lt;span&gt;&amp;nbsp;2026&lt;/span&gt;&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;

&lt;div style="font-size: 90%;"&gt;Tags: infrastructure, Kubernetes&lt;/div&gt;
</description></item><item><title>KB-2390 License Signing Key Rotation for Kubernetes Native Appian</title><link>https://community.appian.com/support/w/kb/3828/kb-2390-license-signing-key-rotation-for-kubernetes-native-appian/revision/6</link><pubDate>Thu, 16 Jul 2026 16:13:49 GMT</pubDate><guid isPermaLink="false">d3a83456-d57b-489c-a84c-4e8267bb592a:d6c6ad81-4956-466e-9470-6ce945eed53b</guid><dc:creator>pauline.delacruz</dc:creator><comments>https://community.appian.com/support/w/kb/3828/kb-2390-license-signing-key-rotation-for-kubernetes-native-appian#comments</comments><description>Revision 6 posted to Appian Knowledge Base by pauline.delacruz on 7/16/2026 4:13:49 PM&lt;br /&gt;
&lt;h2&gt;&lt;span&gt;Overview:&amp;nbsp;&lt;/span&gt;&lt;/h2&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;For security reasons, the Kubernetes Native Appian license signing key is rotated approximately every two years.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;The license &lt;strong&gt;appian.lic&lt;/strong&gt; is digitally signed using a private signing key, while the Appian Operator contains the corresponding public key used to validate those licenses. When the signing key is rotated, the Appian Operator must contain the updated public key to validate licenses signed with the new private key.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;As a result, customers must upgrade their Appian Operator before requesting a new license generated after a signing key rotation.&lt;/span&gt;&lt;/p&gt;
&lt;h2&gt;&lt;span&gt;Customer Impact:&amp;nbsp;&lt;/span&gt;&lt;/h2&gt;
&lt;ol&gt;
&lt;li&gt;&lt;span style="font-weight:400;"&gt;Customers running old Appian Operator versions should upgrade their operator before requesting a new license after the signing key rotation. If a customer requests a new license without first upgrading the operator, the new license will fail validation with the following error for the Appian Operator:&lt;br /&gt;&lt;/span&gt;
&lt;pre&gt;&lt;span style="font-weight:400;"&gt;Failed to verify signature #l with key &amp;hellip;&lt;/span&gt;&lt;/pre&gt;
&lt;/li&gt;
&lt;li&gt;&lt;span style="font-weight:400;"&gt;Customers can safely upgrade their Appian Operator before requesting a new license, even if they are still using an existing license signed with the previous key.&lt;/span&gt;&lt;/li&gt;
&lt;li&gt;&lt;span style="font-weight:400;"&gt;If a customer has an internal change management or security processes that require validating new container images before deploying them, we recommend validating and approving the latest Appian Operator in advance. Always remember to deploy the latest operator before deploying a new &lt;strong&gt;appian.lic&lt;/strong&gt; as this helps avoid delays caused by requesting a license that cannot be validated by an older operator.&lt;/span&gt;&lt;span style="font-weight:400;"&gt;&lt;/span&gt;&lt;/li&gt;
&lt;/ol&gt;
&lt;h2&gt;&lt;span&gt;Rotation Schedule:&amp;nbsp;&lt;/span&gt;&lt;/h2&gt;
&lt;table&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td style="width:100px;"&gt;&lt;b&gt;Date&lt;/b&gt;&lt;/td&gt;
&lt;td style="width:200px;"&gt;&lt;b&gt;Operator Version&lt;/b&gt;&lt;/td&gt;
&lt;td&gt;&lt;b&gt;Details&lt;/b&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td style="width:100px;"&gt;&lt;span style="font-size:inherit;"&gt;August 2024&lt;/span&gt;&lt;/td&gt;
&lt;td style="width:200px;"&gt;&lt;span style="font-size:inherit;"&gt;v0.161.0&lt;/span&gt;&lt;/td&gt;
&lt;td&gt;
&lt;ul&gt;
&lt;li style="font-weight:400;"&gt;&lt;span style="font-size:inherit;font-weight:400;"&gt;&amp;nbsp;The previous license signing key rotation occurred.&lt;/span&gt;&lt;/li&gt;
&lt;/ul&gt;
&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td style="width:100px;"&gt;&lt;span style="font-size:inherit;"&gt;July 2026&lt;/span&gt;&lt;/td&gt;
&lt;td style="width:200px;"&gt;&lt;span style="font-size:inherit;"&gt;v0.205.0&lt;/span&gt;&lt;/td&gt;
&lt;td&gt;
&lt;ul&gt;
&lt;li style="font-weight:400;"&gt;&lt;span style="font-size:inherit;font-weight:400;"&gt;The next license signing key rotation will take place.&lt;/span&gt;&lt;/li&gt;
&lt;li style="font-weight:400;"&gt;&lt;span style="font-size:inherit;font-weight:400;"&gt;Operator v0.205.0 introduces the new public key required to validate licenses signed after the 2026 rotation.&lt;/span&gt;&lt;/li&gt;
&lt;/ul&gt;
&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;
&lt;ul&gt;
&lt;li style="font-weight:400;"&gt;&lt;b&gt;After the rotation:&lt;/b&gt;&lt;span style="font-weight:400;"&gt; Customers requesting a newly generated license must be running Appian Operator v0.205.0 or later. Older operator versions will not recognize licenses signed with the new key.&lt;/span&gt;&lt;/li&gt;
&lt;li style="font-weight:400;"&gt;&lt;b&gt;Until the next signing key rotation:&lt;/b&gt;&lt;span style="font-weight:400;"&gt; Appian Operator v0.205.0 and later will continue to validate licenses signed with the current signing key.&lt;/span&gt;&lt;/li&gt;
&lt;/ul&gt;
&lt;h2&gt;&lt;span&gt;FAQ:&amp;nbsp;&lt;/span&gt;&lt;/h2&gt;
&lt;h3&gt;&lt;b&gt;Why is the signing key rotated?&lt;/b&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;Rotating signing keys is a standard security practice that helps maintain the integrity and security of digitally signed licenses.&lt;/span&gt;&lt;/p&gt;
&lt;h3&gt;&lt;b&gt;Do existing licenses stop working after the rotation?&lt;/b&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;No. Existing licenses continue to function as normal. The change only affects newly generated licenses signed with the new signing key.&lt;/span&gt;&lt;/p&gt;
&lt;h3&gt;&lt;b&gt;Can customers upgrade the Appian Operator before requesting a new license?&lt;/b&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;Yes. This is the recommended approach. The latest operator trusts both the previous and current signing keys, allowing it to validate both existing licenses and newly generated licenses. Older Appian Operator versions trust only the previous signing key and cannot validate licenses generated after the signing key rotation.&lt;/span&gt;&lt;/p&gt;
&lt;h2&gt;&lt;span&gt;Affected Versions&lt;/span&gt;&lt;/h2&gt;
&lt;p&gt;&lt;span&gt;This article applies to all supported versions of Appian on Kubernetes.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span&gt;Last reviewed:&amp;nbsp;July&lt;/span&gt;&lt;span&gt;&amp;nbsp;2026&lt;/span&gt;&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;

&lt;div style="font-size: 90%;"&gt;Tags: infrastructure, Kubernetes&lt;/div&gt;
</description></item><item><title>KB-2390 License Signing Key Rotation for Kubernetes Native Appian</title><link>https://community.appian.com/support/w/kb/3828/kb-2390-license-signing-key-rotation-for-kubernetes-native-appian/revision/5</link><pubDate>Thu, 16 Jul 2026 16:13:20 GMT</pubDate><guid isPermaLink="false">d3a83456-d57b-489c-a84c-4e8267bb592a:d6c6ad81-4956-466e-9470-6ce945eed53b</guid><dc:creator>pauline.delacruz</dc:creator><comments>https://community.appian.com/support/w/kb/3828/kb-2390-license-signing-key-rotation-for-kubernetes-native-appian#comments</comments><description>Revision 5 posted to Appian Knowledge Base by pauline.delacruz on 7/16/2026 4:13:20 PM&lt;br /&gt;
&lt;h2&gt;&lt;span&gt;Overview:&amp;nbsp;&lt;/span&gt;&lt;/h2&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;For security reasons, the Kubernetes Native Appian license signing key is rotated approximately every two years.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;The license &lt;strong&gt;appian.lic&lt;/strong&gt; is digitally signed using a private signing key, while the Appian Operator contains the corresponding public key used to validate those licenses. When the signing key is rotated, the Appian Operator must contain the updated public key to validate licenses signed with the new private key.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;As a result, customers must upgrade their Appian Operator before requesting a new license generated after a signing key rotation.&lt;/span&gt;&lt;/p&gt;
&lt;h2&gt;&lt;span&gt;Customer Impact:&amp;nbsp;&lt;/span&gt;&lt;/h2&gt;
&lt;ol&gt;
&lt;li&gt;&lt;span style="font-weight:400;"&gt;Customers running old Appian Operator versions should upgrade their operator before requesting a new license after the signing key rotation. If a customer requests a new license without first upgrading the operator, the new license will fail validation with the following error for the Appian Operator:&lt;br /&gt;&lt;/span&gt;
&lt;pre&gt;&lt;span style="font-weight:400;"&gt;Failed to verify signature #l with key &amp;hellip;&lt;/span&gt;&lt;/pre&gt;
&lt;/li&gt;
&lt;li&gt;&lt;span style="font-weight:400;"&gt;Customers can safely upgrade their Appian Operator before requesting a new license, even if they are still using an existing license signed with the previous key.&lt;/span&gt;&lt;/li&gt;
&lt;li&gt;&lt;span style="font-weight:400;"&gt;If a customer has an internal change management or security processes that require validating new container images before deploying them, we recommend validating and approving the latest Appian Operator in advance. Always remember to deploy the latest operator before deploying a new &lt;strong&gt;appian.lic&lt;/strong&gt; as this helps avoid delays caused by requesting a license that cannot be validated by an older operator.&lt;/span&gt;&lt;span style="font-weight:400;"&gt;&lt;/span&gt;&lt;/li&gt;
&lt;/ol&gt;
&lt;h2&gt;&lt;span&gt;Rotation Schedule:&amp;nbsp;&lt;/span&gt;&lt;/h2&gt;
&lt;table&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td style="width:100px;"&gt;&lt;b&gt;Date&lt;/b&gt;&lt;/td&gt;
&lt;td style="width:200px;"&gt;&lt;strong&gt;Operator Version&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;Details&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td style="width:100px;"&gt;&lt;span style="font-size:inherit;"&gt;August 2024&lt;/span&gt;&lt;/td&gt;
&lt;td style="width:200px;"&gt;&lt;span style="font-size:inherit;"&gt;v0.161.0&lt;/span&gt;&lt;/td&gt;
&lt;td&gt;
&lt;ul&gt;
&lt;li style="font-weight:400;"&gt;&lt;span style="font-size:inherit;font-weight:400;"&gt;&amp;nbsp;The previous license signing key rotation occurred.&lt;/span&gt;&lt;/li&gt;
&lt;/ul&gt;
&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td style="width:100px;"&gt;&lt;span style="font-size:inherit;"&gt;July 2026&lt;/span&gt;&lt;/td&gt;
&lt;td style="width:200px;"&gt;&lt;span style="font-size:inherit;"&gt;v0.205.0&lt;/span&gt;&lt;/td&gt;
&lt;td&gt;
&lt;ul&gt;
&lt;li style="font-weight:400;"&gt;&lt;span style="font-size:inherit;font-weight:400;"&gt;The next license signing key rotation will take place.&lt;/span&gt;&lt;/li&gt;
&lt;li style="font-weight:400;"&gt;&lt;span style="font-size:inherit;font-weight:400;"&gt;Operator v0.205.0 introduces the new public key required to validate licenses signed after the 2026 rotation.&lt;/span&gt;&lt;/li&gt;
&lt;/ul&gt;
&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;
&lt;ul&gt;
&lt;li style="font-weight:400;"&gt;&lt;b&gt;After the rotation:&lt;/b&gt;&lt;span style="font-weight:400;"&gt; Customers requesting a newly generated license must be running Appian Operator v0.205.0 or later. Older operator versions will not recognize licenses signed with the new key.&lt;/span&gt;&lt;/li&gt;
&lt;li style="font-weight:400;"&gt;&lt;b&gt;Until the next signing key rotation:&lt;/b&gt;&lt;span style="font-weight:400;"&gt; Appian Operator v0.205.0 and later will continue to validate licenses signed with the current signing key.&lt;/span&gt;&lt;/li&gt;
&lt;/ul&gt;
&lt;h2&gt;&lt;span&gt;FAQ:&amp;nbsp;&lt;/span&gt;&lt;/h2&gt;
&lt;h3&gt;&lt;b&gt;Why is the signing key rotated?&lt;/b&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;Rotating signing keys is a standard security practice that helps maintain the integrity and security of digitally signed licenses.&lt;/span&gt;&lt;/p&gt;
&lt;h3&gt;&lt;b&gt;Do existing licenses stop working after the rotation?&lt;/b&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;No. Existing licenses continue to function as normal. The change only affects newly generated licenses signed with the new signing key.&lt;/span&gt;&lt;/p&gt;
&lt;h3&gt;&lt;b&gt;Can customers upgrade the Appian Operator before requesting a new license?&lt;/b&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;Yes. This is the recommended approach. The latest operator trusts both the previous and current signing keys, allowing it to validate both existing licenses and newly generated licenses. Older Appian Operator versions trust only the previous signing key and cannot validate licenses generated after the signing key rotation.&lt;/span&gt;&lt;/p&gt;
&lt;h2&gt;&lt;span&gt;Affected Versions&lt;/span&gt;&lt;/h2&gt;
&lt;p&gt;&lt;span&gt;This article applies to all supported versions of Appian on Kubernetes.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span&gt;Last reviewed:&amp;nbsp;July&lt;/span&gt;&lt;span&gt;&amp;nbsp;2026&lt;/span&gt;&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;

&lt;div style="font-size: 90%;"&gt;Tags: infrastructure, Kubernetes&lt;/div&gt;
</description></item><item><title>KB-2390 License Signing Key Rotation for Kubernetes Native Appian</title><link>https://community.appian.com/support/w/kb/3828/kb-2390-license-signing-key-rotation-for-kubernetes-native-appian/revision/4</link><pubDate>Thu, 16 Jul 2026 16:12:05 GMT</pubDate><guid isPermaLink="false">d3a83456-d57b-489c-a84c-4e8267bb592a:d6c6ad81-4956-466e-9470-6ce945eed53b</guid><dc:creator>pauline.delacruz</dc:creator><comments>https://community.appian.com/support/w/kb/3828/kb-2390-license-signing-key-rotation-for-kubernetes-native-appian#comments</comments><description>Revision 4 posted to Appian Knowledge Base by pauline.delacruz on 7/16/2026 4:12:05 PM&lt;br /&gt;
&lt;h2&gt;&lt;span&gt;Overview:&amp;nbsp;&lt;/span&gt;&lt;/h2&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;For security reasons, the Kubernetes Native Appian license signing key is rotated approximately every two years.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;The license &lt;strong&gt;appian.lic&lt;/strong&gt; is digitally signed using a private signing key, while the Appian Operator contains the corresponding public key used to validate those licenses. When the signing key is rotated, the Appian Operator must contain the updated public key to validate licenses signed with the new private key.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;As a result, customers must upgrade their Appian Operator before requesting a new license generated after a signing key rotation.&lt;/span&gt;&lt;/p&gt;
&lt;h2&gt;&lt;span&gt;Customer Impact:&amp;nbsp;&lt;/span&gt;&lt;/h2&gt;
&lt;ol&gt;
&lt;li&gt;&lt;span style="font-weight:400;"&gt;Customers running old Appian Operator versions should upgrade their operator before requesting a new license after the signing key rotation. If a customer requests a new license without first upgrading the operator, the new license will fail validation with the following error for the Appian Operator:&lt;br /&gt;&lt;/span&gt;
&lt;pre&gt;&lt;span style="font-weight:400;"&gt;Failed to verify signature #l with key &amp;hellip;&lt;/span&gt;&lt;/pre&gt;
&lt;/li&gt;
&lt;li&gt;&lt;span style="font-weight:400;"&gt;Customers can safely upgrade their Appian Operator before requesting a new license, even if they are still using an existing license signed with the previous key.&lt;/span&gt;&lt;/li&gt;
&lt;li&gt;&lt;span style="font-weight:400;"&gt;If a customer has an internal change management or security processes that require validating new container images before deploying them, we recommend validating and approving the latest Appian Operator in advance. Always remember to deploy the latest operator before deploying a new &lt;strong&gt;appian.lic&lt;/strong&gt; as this helps avoid delays caused by requesting a license that cannot be validated by an older operator.&lt;/span&gt;&lt;span style="font-weight:400;"&gt;&lt;/span&gt;&lt;/li&gt;
&lt;/ol&gt;
&lt;h2&gt;&lt;span&gt;Rotation Schedule:&amp;nbsp;&lt;/span&gt;&lt;/h2&gt;
&lt;table&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td style="width:100px;"&gt;&lt;strong&gt;Date&lt;/strong&gt;&lt;/td&gt;
&lt;td style="width:200px;"&gt;&lt;strong&gt;Operator Version&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;Details&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td style="width:100px;"&gt;&lt;span style="font-size:inherit;"&gt;August 2024&lt;/span&gt;&lt;/td&gt;
&lt;td style="width:200px;"&gt;&lt;span style="font-size:inherit;"&gt;v0.161.0&lt;/span&gt;&lt;/td&gt;
&lt;td&gt;
&lt;ul&gt;
&lt;li style="font-weight:400;"&gt;&lt;span style="font-size:inherit;font-weight:400;"&gt;&amp;nbsp;The previous license signing key rotation occurred.&lt;/span&gt;&lt;/li&gt;
&lt;/ul&gt;
&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td style="width:100px;"&gt;&lt;span style="font-size:inherit;"&gt;July 2026&lt;/span&gt;&lt;/td&gt;
&lt;td style="width:200px;"&gt;&lt;span style="font-size:inherit;"&gt;v0.205.0&lt;/span&gt;&lt;/td&gt;
&lt;td&gt;
&lt;ul&gt;
&lt;li style="font-weight:400;"&gt;&lt;span style="font-size:inherit;font-weight:400;"&gt;The next license signing key rotation will take place.&lt;/span&gt;&lt;/li&gt;
&lt;li style="font-weight:400;"&gt;&lt;span style="font-size:inherit;font-weight:400;"&gt;Operator v0.205.0 introduces the new public key required to validate licenses signed after the 2026 rotation.&lt;/span&gt;&lt;/li&gt;
&lt;/ul&gt;
&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;
&lt;ul&gt;
&lt;li style="font-weight:400;"&gt;&lt;b&gt;After the rotation:&lt;/b&gt;&lt;span style="font-weight:400;"&gt; Customers requesting a newly generated license must be running Appian Operator v0.205.0 or later. Older operator versions will not recognize licenses signed with the new key.&lt;/span&gt;&lt;/li&gt;
&lt;li style="font-weight:400;"&gt;&lt;b&gt;Until the next signing key rotation:&lt;/b&gt;&lt;span style="font-weight:400;"&gt; Appian Operator v0.205.0 and later will continue to validate licenses signed with the current signing key.&lt;/span&gt;&lt;/li&gt;
&lt;/ul&gt;
&lt;h2&gt;&lt;span&gt;FAQ:&amp;nbsp;&lt;/span&gt;&lt;/h2&gt;
&lt;h3&gt;&lt;b&gt;Why is the signing key rotated?&lt;/b&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;Rotating signing keys is a standard security practice that helps maintain the integrity and security of digitally signed licenses.&lt;/span&gt;&lt;/p&gt;
&lt;h3&gt;&lt;b&gt;Do existing licenses stop working after the rotation?&lt;/b&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;No. Existing licenses continue to function as normal. The change only affects newly generated licenses signed with the new signing key.&lt;/span&gt;&lt;/p&gt;
&lt;h3&gt;&lt;b&gt;Can customers upgrade the Appian Operator before requesting a new license?&lt;/b&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;Yes. This is the recommended approach. The latest operator trusts both the previous and current signing keys, allowing it to validate both existing licenses and newly generated licenses. Older Appian Operator versions trust only the previous signing key and cannot validate licenses generated after the signing key rotation.&lt;/span&gt;&lt;/p&gt;
&lt;h2&gt;&lt;span&gt;Affected Versions&lt;/span&gt;&lt;/h2&gt;
&lt;p&gt;&lt;span&gt;This article applies to all supported versions of Appian on Kubernetes.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span&gt;Last reviewed:&amp;nbsp;July&lt;/span&gt;&lt;span&gt;&amp;nbsp;2026&lt;/span&gt;&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;

&lt;div style="font-size: 90%;"&gt;Tags: infrastructure, Kubernetes&lt;/div&gt;
</description></item><item><title>KB-2390 License Signing Key Rotation for Kubernetes Native Appian</title><link>https://community.appian.com/support/w/kb/3828/kb-2390-license-signing-key-rotation-for-kubernetes-native-appian/revision/3</link><pubDate>Thu, 16 Jul 2026 16:11:11 GMT</pubDate><guid isPermaLink="false">d3a83456-d57b-489c-a84c-4e8267bb592a:d6c6ad81-4956-466e-9470-6ce945eed53b</guid><dc:creator>pauline.delacruz</dc:creator><comments>https://community.appian.com/support/w/kb/3828/kb-2390-license-signing-key-rotation-for-kubernetes-native-appian#comments</comments><description>Revision 3 posted to Appian Knowledge Base by pauline.delacruz on 7/16/2026 4:11:11 PM&lt;br /&gt;
&lt;h2&gt;&lt;span&gt;Overview:&amp;nbsp;&lt;/span&gt;&lt;/h2&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;For security reasons, the Kubernetes Native Appian license signing key is rotated approximately every two years.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;The license &lt;strong&gt;appian.lic&lt;/strong&gt; is digitally signed using a private signing key, while the Appian Operator contains the corresponding public key used to validate those licenses. When the signing key is rotated, the Appian Operator must contain the updated public key to validate licenses signed with the new private key.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;As a result, customers must upgrade their Appian Operator before requesting a new license generated after a signing key rotation.&lt;/span&gt;&lt;/p&gt;
&lt;h2&gt;&lt;span&gt;Customer Impact:&amp;nbsp;&lt;/span&gt;&lt;/h2&gt;
&lt;ol&gt;
&lt;li&gt;&lt;span style="font-weight:400;"&gt;Customers running old Appian Operator versions should upgrade their operator before requesting a new license after the signing key rotation. If a customer requests a new license without first upgrading the operator, the new license will fail validation with the following error for the Appian Operator:&lt;br /&gt;&lt;/span&gt;
&lt;pre&gt;&lt;span style="font-weight:400;"&gt;Failed to verify signature #l with key &amp;hellip;&lt;/span&gt;&lt;/pre&gt;
&lt;/li&gt;
&lt;li&gt;&lt;span style="font-weight:400;"&gt;Customers can safely upgrade their Appian Operator before requesting a new license, even if they are still using an existing license signed with the previous key.&lt;/span&gt;&lt;/li&gt;
&lt;li&gt;&lt;span style="font-weight:400;"&gt;If a customer has an internal change management or security processes that require validating new container images before deploying them, we recommend validating and approving the latest Appian Operator in advance. Always remember to deploy the latest operator before deploying a new &lt;strong&gt;appian.lic&lt;/strong&gt; as this helps avoid delays caused by requesting a license that cannot be validated by an older operator.&lt;/span&gt;&lt;span style="font-weight:400;"&gt;&lt;/span&gt;&lt;/li&gt;
&lt;/ol&gt;
&lt;h2&gt;&lt;span&gt;Rotation Schedule:&amp;nbsp;&lt;/span&gt;&lt;/h2&gt;
&lt;table&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td style="width:100px;"&gt;&lt;strong&gt;Date&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;Operator Version&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;Details&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td style="width:100px;"&gt;&lt;span style="font-size:inherit;"&gt;August 2024&lt;/span&gt;&lt;/td&gt;
&lt;td&gt;&lt;span style="font-size:inherit;"&gt;v0.161.0&lt;/span&gt;&lt;/td&gt;
&lt;td&gt;
&lt;ul&gt;
&lt;li style="font-weight:400;"&gt;&lt;span style="font-size:inherit;font-weight:400;"&gt;&amp;nbsp;The previous license signing key rotation occurred.&lt;/span&gt;&lt;/li&gt;
&lt;/ul&gt;
&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td style="width:100px;"&gt;&lt;span style="font-size:inherit;"&gt;July 2026&lt;/span&gt;&lt;/td&gt;
&lt;td&gt;&lt;span style="font-size:inherit;"&gt;v0.205.0&lt;/span&gt;&lt;/td&gt;
&lt;td&gt;
&lt;ul&gt;
&lt;li style="font-weight:400;"&gt;&lt;span style="font-size:inherit;font-weight:400;"&gt;The next license signing key rotation will take place.&lt;/span&gt;&lt;/li&gt;
&lt;li style="font-weight:400;"&gt;&lt;span style="font-size:inherit;font-weight:400;"&gt;Operator v0.205.0 introduces the new public key required to validate licenses signed after the 2026 rotation.&lt;/span&gt;&lt;/li&gt;
&lt;/ul&gt;
&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;
&lt;ul&gt;
&lt;li style="font-weight:400;"&gt;&lt;b&gt;After the rotation:&lt;/b&gt;&lt;span style="font-weight:400;"&gt; Customers requesting a newly generated license must be running Appian Operator v0.205.0 or later. Older operator versions will not recognize licenses signed with the new key.&lt;/span&gt;&lt;/li&gt;
&lt;li style="font-weight:400;"&gt;&lt;b&gt;Until the next signing key rotation:&lt;/b&gt;&lt;span style="font-weight:400;"&gt; Appian Operator v0.205.0 and later will continue to validate licenses signed with the current signing key.&lt;/span&gt;&lt;/li&gt;
&lt;/ul&gt;
&lt;h2&gt;&lt;span&gt;FAQ:&amp;nbsp;&lt;/span&gt;&lt;/h2&gt;
&lt;h3&gt;&lt;b&gt;Why is the signing key rotated?&lt;/b&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;Rotating signing keys is a standard security practice that helps maintain the integrity and security of digitally signed licenses.&lt;/span&gt;&lt;/p&gt;
&lt;h3&gt;&lt;b&gt;Do existing licenses stop working after the rotation?&lt;/b&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;No. Existing licenses continue to function as normal. The change only affects newly generated licenses signed with the new signing key.&lt;/span&gt;&lt;/p&gt;
&lt;h3&gt;&lt;b&gt;Can customers upgrade the Appian Operator before requesting a new license?&lt;/b&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;Yes. This is the recommended approach. The latest operator trusts both the previous and current signing keys, allowing it to validate both existing licenses and newly generated licenses. Older Appian Operator versions trust only the previous signing key and cannot validate licenses generated after the signing key rotation.&lt;/span&gt;&lt;/p&gt;
&lt;h2&gt;&lt;span&gt;Affected Versions&lt;/span&gt;&lt;/h2&gt;
&lt;p&gt;&lt;span&gt;This article applies to all supported versions of Appian on Kubernetes.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span&gt;Last reviewed:&amp;nbsp;July&lt;/span&gt;&lt;span&gt;&amp;nbsp;2026&lt;/span&gt;&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;
</description></item><item><title>KB-2390 License Signing Key Rotation for Kubernetes Native Appian</title><link>https://community.appian.com/support/w/kb/3828/kb-2390-license-signing-key-rotation-for-kubernetes-native-appian/revision/2</link><pubDate>Thu, 16 Jul 2026 16:07:08 GMT</pubDate><guid isPermaLink="false">d3a83456-d57b-489c-a84c-4e8267bb592a:d6c6ad81-4956-466e-9470-6ce945eed53b</guid><dc:creator>Ryan Good</dc:creator><comments>https://community.appian.com/support/w/kb/3828/kb-2390-license-signing-key-rotation-for-kubernetes-native-appian#comments</comments><description>Revision 2 posted to Appian Knowledge Base by Ryan Good on 7/16/2026 4:07:08 PM&lt;br /&gt;
&lt;h2&gt;&lt;span&gt;Overview:&amp;nbsp;&lt;/span&gt;&lt;/h2&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;For security reasons, the Kubernetes Native Appian license signing key is rotated approximately every two years.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;The license &lt;strong&gt;appian.lic&lt;/strong&gt; is digitally signed using a private signing key, while the Appian Operator contains the corresponding public key used to validate those licenses. When the signing key is rotated, the Appian Operator must contain the updated public key to validate licenses signed with the new private key.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;As a result, customers must upgrade their Appian Operator before requesting a new license generated after a signing key rotation.&lt;/span&gt;&lt;/p&gt;
&lt;h2&gt;&lt;span&gt;Customer Impact:&amp;nbsp;&lt;/span&gt;&lt;/h2&gt;
&lt;ol&gt;
&lt;li&gt;&lt;span style="font-weight:400;"&gt;Customers running old Appian Operator versions should upgrade their operator before requesting a new license after the signing key rotation. If a customer requests a new license without first upgrading the operator, the new license will fail validation with the following error for the Appian Operator:&lt;br /&gt;&lt;/span&gt;
&lt;pre&gt;&lt;span style="font-weight:400;"&gt;Failed to verify signature #l with key &amp;hellip;&lt;/span&gt;&lt;/pre&gt;
&lt;/li&gt;
&lt;li&gt;&lt;span style="font-weight:400;"&gt;Customers can safely upgrade their Appian Operator before requesting a new license, even if they are still using an existing license signed with the previous key.&lt;/span&gt;&lt;/li&gt;
&lt;li&gt;&lt;span style="font-weight:400;"&gt;If a customer has an internal change management or security processes that require validating new container images before deploying them, we recommend validating and approving the latest Appian Operator in advance. Always remember to deploy the latest operator before deploying a new &lt;strong&gt;appian.lic&lt;/strong&gt; as this helps avoid delays caused by requesting a license that cannot be validated by an older operator.&lt;/span&gt;&lt;span style="font-weight:400;"&gt;&lt;/span&gt;&lt;/li&gt;
&lt;/ol&gt;
&lt;h2&gt;&lt;span&gt;Rotation Schedule:&amp;nbsp;&lt;/span&gt;&lt;/h2&gt;
&lt;table&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Date&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;Operator Version&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;Details&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;August 2024&lt;/td&gt;
&lt;td&gt;v0.161.0&lt;/td&gt;
&lt;td&gt;
&lt;ul&gt;
&lt;li style="font-weight:400;"&gt;&lt;span style="font-weight:400;"&gt;&amp;nbsp;The previous license signing key rotation occurred.&lt;/span&gt;&lt;/li&gt;
&lt;/ul&gt;
&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;July 2026&lt;/td&gt;
&lt;td&gt;v0.205.0&lt;/td&gt;
&lt;td&gt;
&lt;ul&gt;
&lt;li style="font-weight:400;"&gt;&lt;span style="font-weight:400;"&gt;The next license signing key rotation will take place.&lt;/span&gt;&lt;/li&gt;
&lt;li style="font-weight:400;"&gt;&lt;span style="font-weight:400;"&gt;Operator v0.205.0 introduces the new public key required to validate licenses signed after the 2026 rotation.&lt;/span&gt;&lt;/li&gt;
&lt;/ul&gt;
&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;
&lt;ul&gt;
&lt;li style="font-weight:400;"&gt;&lt;b&gt;After the rotation:&lt;/b&gt;&lt;span style="font-weight:400;"&gt; Customers requesting a newly generated license must be running Appian Operator v0.205.0 or later. Older operator versions will not recognize licenses signed with the new key.&lt;/span&gt;&lt;/li&gt;
&lt;li style="font-weight:400;"&gt;&lt;b&gt;Until the next signing key rotation:&lt;/b&gt;&lt;span style="font-weight:400;"&gt; Appian Operator v0.205.0 and later will continue to validate licenses signed with the current signing key.&lt;/span&gt;&lt;/li&gt;
&lt;/ul&gt;
&lt;h2&gt;&lt;span&gt;FAQ:&amp;nbsp;&lt;/span&gt;&lt;/h2&gt;
&lt;h3&gt;&lt;b&gt;Why is the signing key rotated?&lt;/b&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;Rotating signing keys is a standard security practice that helps maintain the integrity and security of digitally signed licenses.&lt;/span&gt;&lt;/p&gt;
&lt;h3&gt;&lt;b&gt;Do existing licenses stop working after the rotation?&lt;/b&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;No. Existing licenses continue to function as normal. The change only affects newly generated licenses signed with the new signing key.&lt;/span&gt;&lt;/p&gt;
&lt;h3&gt;&lt;b&gt;Can customers upgrade the Appian Operator before requesting a new license?&lt;/b&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;Yes. This is the recommended approach. The latest operator trusts both the previous and current signing keys, allowing it to validate both existing licenses and newly generated licenses. Older Appian Operator versions trust only the previous signing key and cannot validate licenses generated after the signing key rotation.&lt;/span&gt;&lt;/p&gt;
&lt;h2&gt;&lt;span&gt;Affected Versions&lt;/span&gt;&lt;/h2&gt;
&lt;p&gt;&lt;span&gt;This article applies to all supported versions of Appian on Kubernetes.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span&gt;Last reviewed:&amp;nbsp;July&lt;/span&gt;&lt;span&gt;&amp;nbsp;2026&lt;/span&gt;&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;
</description></item><item><title>KB-2390 License Signing Key Rotation for Kubernetes Native Appian</title><link>https://community.appian.com/support/w/kb/3828/kb-2390-license-signing-key-rotation-for-kubernetes-native-appian/revision/1</link><pubDate>Thu, 16 Jul 2026 15:45:20 GMT</pubDate><guid isPermaLink="false">d3a83456-d57b-489c-a84c-4e8267bb592a:d6c6ad81-4956-466e-9470-6ce945eed53b</guid><dc:creator>pauline.delacruz</dc:creator><comments>https://community.appian.com/support/w/kb/3828/kb-2390-license-signing-key-rotation-for-kubernetes-native-appian#comments</comments><description>Revision 1 posted to Appian Knowledge Base by pauline.delacruz on 7/16/2026 3:45:20 PM&lt;br /&gt;
&lt;h2&gt;&lt;span&gt;Overview:&amp;nbsp;&lt;/span&gt;&lt;/h2&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;For security reasons, the Kubernetes Native Appian license signing key is rotated approximately every two years.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;The license &lt;strong&gt;appian.lic&lt;/strong&gt; is digitally signed using a private signing key, while the Appian Operator contains the corresponding public key used to validate those licenses. When the signing key is rotated, the Appian Operator must contain the updated public key to validate licenses signed with the new private key.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;As a result, customers must upgrade their Appian Operator before requesting a new license generated after a signing key rotation.&lt;/span&gt;&lt;/p&gt;
&lt;h2&gt;&lt;span&gt;Customer Impact:&amp;nbsp;&lt;/span&gt;&lt;/h2&gt;
&lt;ol&gt;
&lt;li&gt;&lt;span style="font-weight:400;"&gt;Customers running old Appian Operator versions should upgrade their operator before requesting a new license after the signing key rotation. If a customer requests a new license without first upgrading the operator, the new license will fail validation with the following error for the Appian Operator:&lt;br /&gt;&lt;/span&gt;
&lt;pre&gt;&lt;span style="font-weight:400;"&gt;Failed to verify signature #l with key &amp;hellip;&lt;/span&gt;&lt;/pre&gt;
&lt;/li&gt;
&lt;li&gt;&lt;span style="font-weight:400;"&gt;Customers can safely upgrade their Appian Operator before requesting a new license, even if they are still using an existing license signed with the previous key.&lt;/span&gt;&lt;/li&gt;
&lt;li&gt;&lt;span style="font-weight:400;"&gt;If a customer has an internal change management or security processes that require validating new container images before deploying them, we recommend validating and approving the latest Appian Operator in advance. Always remember to deploy the latest operator before deploying a new &lt;strong&gt;appian.lic&lt;/strong&gt; as this helps avoid delays caused by requesting a license that cannot be validated by an older operator.&lt;/span&gt;&lt;span style="font-weight:400;"&gt;&lt;/span&gt;&lt;/li&gt;
&lt;/ol&gt;
&lt;h2&gt;&lt;span&gt;Rotation Schedule:&amp;nbsp;&lt;/span&gt;&lt;/h2&gt;
&lt;table&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;&lt;strong&gt;Date&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;Operator Version&lt;/strong&gt;&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;Details&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;August 2024&lt;/td&gt;
&lt;td&gt;v0.161.0&lt;/td&gt;
&lt;td&gt;
&lt;ul&gt;
&lt;li style="font-weight:400;"&gt;&lt;span style="font-weight:400;"&gt;&amp;nbsp;The previous license signing key rotation occurred.&lt;/span&gt;&lt;/li&gt;
&lt;/ul&gt;
&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;July 2026&lt;/td&gt;
&lt;td&gt;v0.205.0&lt;/td&gt;
&lt;td&gt;
&lt;ul&gt;
&lt;li style="font-weight:400;"&gt;&lt;span style="font-weight:400;"&gt;The next license signing key rotation will take place.&lt;/span&gt;&lt;/li&gt;
&lt;li style="font-weight:400;"&gt;&lt;span style="font-weight:400;"&gt;Operator v0.205.0 introduces the new public key required to validate licenses signed after the 2026 rotation.&lt;/span&gt;&lt;/li&gt;
&lt;/ul&gt;
&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;
&lt;ul&gt;
&lt;li style="font-weight:400;"&gt;&lt;b&gt;After the rotation:&lt;/b&gt;&lt;span style="font-weight:400;"&gt; Customers requesting a newly generated license must be running Appian Operator v0.205.0 or later. Older operator versions will not recognize licenses signed with the new key.&lt;/span&gt;&lt;/li&gt;
&lt;li style="font-weight:400;"&gt;&lt;b&gt;Until the next signing key rotation:&lt;/b&gt;&lt;span style="font-weight:400;"&gt; Appian Operator v0.205.0 and later will continue to validate licenses signed with the current signing key.&lt;/span&gt;&lt;/li&gt;
&lt;/ul&gt;
&lt;h2&gt;&lt;span&gt;FAQ:&amp;nbsp;&lt;/span&gt;&lt;/h2&gt;
&lt;h3&gt;&lt;b&gt;Why is the signing key rotated?&lt;/b&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;Rotating signing keys is a standard security practice that helps maintain the integrity and security of digitally signed licenses.&lt;/span&gt;&lt;/p&gt;
&lt;h3&gt;&lt;b&gt;Do existing licenses stop working after the rotation?&lt;/b&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;No. Existing licenses continue to function as normal. The change only affects newly generated licenses signed with the new signing key.&lt;/span&gt;&lt;/p&gt;
&lt;h3&gt;&lt;b&gt;Can customers upgrade the Appian Operator before requesting a new license?&lt;/b&gt;&lt;/h3&gt;
&lt;p&gt;&lt;span style="font-weight:400;"&gt;Yes. This is the recommended approach. The latest operator trusts both the previous and current signing keys, allowing it to validate both existing licenses and newly generated licenses. Older Appian Operator versions trust only the previous signing key and cannot validate licenses generated after the signing key rotation.&lt;/span&gt;&lt;/p&gt;
&lt;h2&gt;&lt;span&gt;Affected Versions&lt;/span&gt;&lt;/h2&gt;
&lt;p&gt;&lt;span&gt;This article applies to all supported versions of Appian on Kubernetes.&lt;/span&gt;&lt;/p&gt;
&lt;p&gt;&lt;span&gt;Last reviewed:&amp;nbsp;July&lt;/span&gt;&lt;span&gt;&amp;nbsp;2026&lt;/span&gt;&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;
</description></item></channel></rss>