Accessing external key manager services
Configure a key manager adapter to access external key manager services.
About this task
The key manager adapter must contain a class that implements the following key manager interface:
- A constructor that accepts a Properties object
- The Properties object contains the BASE_DIR attribute. This attribute is used to locate the file path of the key manager adapter, from the local directory. Use this attribute to access any other data files, such as a configuration file, that are included in the adapter's compressed file.
- public Properties createKey(String keyType) throws Exception
- This method creates a key of the given key type from the external key manager. The method then returns a Properties object containing the following attributes and values:
- key
- The Base64 encoded key
- id
- The identifier that is used to reference the key
Throw an exception when the key type is not supported, or the key creation failed.
Note: The value of the keyType attribute depends on the supported encryption specification of the key manager.
- public String getKey(String id) throws Exception
- This method returns the Base64 encoded key of the matching identifier from the target key manager. Throw an exception when it fails to get the key, or if the key does not exist.
- public boolean removeKey(String id) throws Exception
- This method returns true if the key of the matching identifier is successfully removed from the target key manager. Throw an exception for errors that occur while a key is being removed from the key manager.
- public String resetKey(String id, String keyType) throws Exception
- This method returns a newly generated key of the specified key type, of the matching identifier from the key manager system. Throw an exception if the identifier does not exist, or the key type is not supported, or if the key reset failed.
Note: The value of the keyType attribute depends on the supported encryption specification of the key manager.
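A minimal adapter class matching the interface described above, as an added example (not code from the product or its documentation). The class name, the adapter.properties file name, the AES128/AES256 key type names, and the in-memory map that stands in for the external key manager service are all assumptions.

```java
import java.io.InputStream;
import java.nio.file.*;
import java.security.SecureRandom;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical adapter; replace the in-memory store with calls to your key manager's client.
public class SampleKeyManagerAdapter {
    // Assumed key type names and sizes in bytes; real values depend on the key manager.
    private static final Map<String, Integer> KEY_BYTES = Map.of("AES128", 16, "AES256", 32);
    // Stand-in for the external key manager service (id -> Base64 encoded key).
    private final Map<String, String> store = new ConcurrentHashMap<>();
    private final SecureRandom rng = new SecureRandom();
    private final Properties config = new Properties();

    public SampleKeyManagerAdapter(Properties props) throws Exception {
        String base = Objects.requireNonNull(props.getProperty("BASE_DIR"), "BASE_DIR");
        // adapter.properties is a hypothetical config file shipped in the compressed file.
        try (InputStream in = Files.newInputStream(Paths.get(base, "adapter.properties"))) {
            config.load(in);
        }
    }
    // Generates key material locally; a real adapter asks the key manager to do this.
    private String generate(String keyType) throws Exception {
        Integer size = KEY_BYTES.get(keyType);
        if (size == null) throw new Exception("Unsupported key type: " + keyType);
        byte[] raw = new byte[size];
        rng.nextBytes(raw);
        return Base64.getEncoder().encodeToString(raw);
    }
    public Properties createKey(String keyType) throws Exception {
        Properties result = new Properties();
        result.setProperty("key", generate(keyType));
        result.setProperty("id", UUID.randomUUID().toString());
        store.put(result.getProperty("id"), result.getProperty("key"));
        return result;
    }
    public String getKey(String id) throws Exception {
        String key = store.get(id);
        if (key == null) throw new Exception("No key with id " + id); // never log the key itself
        return key;
    }
    public boolean removeKey(String id) throws Exception {
        return store.remove(id) != null; // false when nothing matched (assumed behaviour)
    }
    public String resetKey(String id, String keyType) throws Exception {
        String key = generate(keyType); // throws first if the key type is unsupported
        if (store.replace(id, key) == null) throw new Exception("No key with id " + id);
        return key;
    }
}
```

Exception messages in the example carry only the identifier or key type, never key material, so they are safe to surface in logs.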
Procedure
What to do next
Register your key manager adapter.
- Click
- Click Register
- Type a name for your adapter in the Name field.
- Type a description of your adapter in the Description field.
- Click Browse to find and select the compressed file you created.
Selecting your compressed file will prompt the adapter registration.
Note: If your key manager adapter requires a trust relationship, the certificate exchange between the key manager server and Cloud Pak System Software must be processed manually.
You can also delete a key manager adapter from the list by selecting the key manager adapter and clicking Delete.