# Rotating your private key
You should rotate your private key occasionally. When you do this depends upon several factors:
* Your companies security policy restricting the length of time private key material is valid for.
* Your mobile app deprecation policy.
* Your app metadata being exposed (data loss).
* Development team members leaving your employment.
{% hint style="info" %}
The instructions here assume you are using Appfigurate in an iOS Simulator, and Xcode and Swift for your app implementation. Android Emulator and real devices will differ subtly.
{% endhint %}
## Appfigurate Simulator
### 1. Generate a new app metadata record
Tap the burger menu `≡`, `Add app`.
Select your app type, e.g. `iOS`. Tap the `Next` button to continue.
For the URL Scheme, we suggest appending a version number, or incrementing the version number to differentiate the old and new app key versions. e.g. `quickstart` ‣ `quickstart1`.
Tap `Add` to generate a random 2048 bit RSA private key.
### 2. Output the new public key
Tap the burger menu `≡`, `quickstart1`
The edit app screen is displayed. Scroll to the correct library integration section, depending upon your app's implementation language (e.g Swift, Objective-C, Kotlin, Java).
Tap `Output Implementation`, then tap `Console`.
The output will appear in the macOS `Console.app`. Select the iOS Simulator device in the left hand pane. Type `process:appfigurate` in the search box in the top right. Copy the output public key method. e.g.
{% hint style="info" %}
**Note:** your public key output to the Console in will be different to the public key in the following example.
{% endhint %}
```swift
override func publicKey() -> String {
// E4 8B B6 25 EE 01
return "-----BEGIN PUBLIC KEY-----\n" +
"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnD67fMex1KkP7kltlNaO\n" +
...
"EQIDAQAB\n" +
"-----END PUBLIC KEY-----\n";
}
```
## Xcode
### 3. Update your APLConfiguration subclass' publicKey method
Open your [`APLConfiguration`](https://www.electricbolt.co.nz/api/Classes/APLConfiguration.html) subclass file in Xcode.
Paste the new [`publicKey`](https://www.electricbolt.co.nz/api/Classes/APLConfiguration.html#/c:objc\(cs\)APLConfiguration\(im\)publicKey) method output to the console over the top of the old [`publicKey`](https://www.electricbolt.co.nz/api/Classes/APLConfiguration.html#/c:objc\(cs\)APLConfiguration\(im\)publicKey) method.
### 4. Update Encrypted Strings
If you have any [Encrypted Strings](https://docs.electricbolt.co.nz/configuration-subclasses/supported-property-types/encrypted-string) in your subclass, using the [Xcode source editor extension](https://docs.electricbolt.co.nz/appfigurate-se-user-guide/xcode-source-editor-extension) is the easiest way to re-encrypt them all at once with the new public key.
{% hint style="info" %}
If you have any Encrypted Strings and you neglect to perform this step, you wont be able to configure any app's built in `Release` mode. (Strings encrypted with the old public key will fail to be decrypted with the new private key).
{% endhint %}
In Xcode, Tap `Editor` menu ‣ `Appfigurate SE` ‣ `Encrypt strings`. All instances of `ENCRYPTED_STRING` will be updated automatically with the generated ciphertext using the new public key.
### 5. Update Info.plist URL Scheme
In your apps `Info.plist` file (right click, Open As ‣ Source Code). Change `CFBundleURLSchemes` value from `quickstart` to `quickstart1`.
```xml
CFBundleURLTypes
CFBundleURLName
appfigurate.quickstart
CFBundleURLSchemes
quickstart1
```
Build and run your app.
{% hint style="success" %}
All key rotation tasks are now complete. You can now use the `quickstart` row in Appfigurate to configure any earlier version of your app, and `quickstart1` row to configure the new version of your app.
{% endhint %}