Configuration
When SKC is running interactively, the service does not need to be running to add, edit or delete keys, providers or users, because SKC accesses the encrypted database directly. If SKC is also running as a service, the interactive instance ensures that the service's cache is flushed each time an add, edit or delete is performed on the database, to keep the two consistent.
Before we can use SKC we need to configure at least one Key Management Solution (KMS) provider. A provider supplies a Key Encryption Key (KEK) so that the Data Encryption Key (DEK) is encrypted appropriately.
As an example we will show how to configure SKC using an Amazon KMS provider.
First follow these instructions for creating an AWS KMS key.
Configuring an AWS KMS provider
You will need to remember the following pieces of information:
- The region you created the key in
- The AWS Key
- The AWS Secret
- The Key ID
First select 3. Manage -> 3. Providers -> 2. Add -> 1. Add AWS KMS
Add an ID for your provider. This must be unique to this provider.
Add a description.
Select the region the key was created in. The regions and their names are:
US East (Ohio) us-east-2
US East (N. Virginia) us-east-1
US West (N. California) us-west-1
US West (Oregon) us-west-2
Africa (Cape Town) af-south-1
Asia Pacific (Hong Kong) ap-east-1
Asia Pacific (Mumbai) ap-south-1
Asia Pacific (Osaka-Local) ap-northeast-3
Asia Pacific (Seoul) ap-northeast-2
Asia Pacific (Singapore) ap-southeast-1
Asia Pacific (Sydney) ap-southeast-2
Asia Pacific (Tokyo) ap-northeast-1
Canada (Central) ca-central-1
China (Beijing) cn-north-1
China (Ningxia) cn-northwest-1
Europe (Frankfurt) eu-central-1
Europe (Ireland) eu-west-1
Europe (London) eu-west-2
Europe (Milan) eu-south-1
Europe (Paris) eu-west-3
Europe (Stockholm) eu-north-1
Middle East (Bahrain) me-south-1
South America (São Paulo) sa-east-1
Enter the AWS Account Key
Enter the AWS Account secret
Enter the priority of this provider.
Enter the default KMS Key ID. This is the key that is used by default for all encrypt requests to this provider unless a specific key name is provided for the encrypt operation.
Multiple key alias mappings can be added, each mapping a key alias to a key ID; however, only one is required.
Optional arbitrary Tags may be entered as extra metadata at this point.
If all of these details are correct select 1. True.
SKC is now configured with the minimum of 1 provider!
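A pre-flight check for the region and Key ID collected above, as an added example that is not part of SKC: it catches a key ARN that lives in a different region than the one selected for the provider. The function name check_provider_inputs is hypothetical, the identifier forms are the ones AWS KMS itself accepts (the page does not say which of them SKC takes), and the sample values are constructed.

```python
import re

# Region codes copied from the list on this page.
REGIONS = set("""us-east-2 us-east-1 us-west-1 us-west-2 af-south-1 ap-east-1
ap-south-1 ap-northeast-3 ap-northeast-2 ap-southeast-1 ap-southeast-2
ap-northeast-1 ca-central-1 cn-north-1 cn-northwest-1 eu-central-1 eu-west-1
eu-west-2 eu-south-1 eu-west-3 eu-north-1 me-south-1 sa-east-1""".split())

# Key identifier forms AWS KMS accepts: key ID (UUID or multi-Region "mrk-"
# form), alias name, and the ARN form of either.
_UUID = r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
_KEY_ID = re.compile(rf"^(?:{_UUID}|mrk-[0-9a-f]{{32}})$")
_ALIAS = re.compile(r"^alias/[A-Za-z0-9/_-]+$")
_ARN = re.compile(
    r"^arn:(aws|aws-cn|aws-us-gov):kms:([a-z0-9-]+):(\d{12}):(key|alias)/(.+)$")


def check_provider_inputs(region, key_id):
    """Return a list of problems; an empty list means the inputs agree."""
    problems = []
    if region not in REGIONS:
        problems.append(f"unknown region: {region!r}")
    arn = _ARN.match(key_id)
    if arn:
        partition, arn_region, _account, kind, resource = arn.groups()
        # A KMS key only exists in the region encoded in its ARN.
        if arn_region != region:
            problems.append(
                f"key ARN is in {arn_region}, provider region is {region}")
        # The China regions use their own ARN partition.
        expected = "aws-cn" if region.startswith("cn-") else "aws"
        if partition != expected:
            problems.append(
                f"ARN partition {partition!r} does not match region {region}")
        local = resource if kind == "key" else f"alias/{resource}"
    else:
        local = key_id
    if not (_KEY_ID.match(local) or _ALIAS.match(local)):
        problems.append(f"not a KMS key ID, alias or ARN: {key_id!r}")
    return problems


if __name__ == "__main__":
    # Constructed sample: key ARN in us-east-1, provider set to eu-west-1.
    sample = ("arn:aws:kms:us-east-1:111122223333:"
              "key/1234abcd-12ab-34cd-56ef-1234567890ab")
    print(check_provider_inputs("eu-west-1", sample))
```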