Defining EKMF Web configuration properties in IBM Security Guardium Key Lifecycle Manager
Define the EKMF Web configuration properties in IBM Security Guardium Key Lifecycle Manager by using the REST interface.
About this task
Parameter | Description | Sample value |
---|---|---|
templateName | Name of the key template that you created in EKMF Web. | TEMPGKLM |
masterKeyAlias | Specify a custom alias for the master key. If no value is specified, by default the master key is created with an alias in the format KLMnKEY, where n is a number that automatically increments with every IBM Security Guardium Key Lifecycle Manager server that is configured with an EKMF Web host. For example, KLM1KEY, KLM2KEY. The master key alias that you specify must contain only uppercase letters and numbers and must be 7 characters long. For example, ALIAS123. Note: Ensure that the master key is correct because after the master key alias is configured, it cannot be changed directly. If you want to change the master key alias, first migrate the master key store from EKMF Web to JCEKS and then reconfigure EKMF Web with the desired master key alias. | MKEY123 |
hostPreferenceSequence | Specifies the preference order in which IBM Security Guardium Key Lifecycle Manager connects to the configured EKMF Web hosts. | |
hosts | List of hosts and their details. | |
host | Hostname or IP address of the EKMF Web server. | ekmf_server_hostname |
port | Port number to access the EKMF Web server. | 443 |
oidcUrl | URL of the OIDC server for authenticating to the EKMF Web server. | https://oidc-server/oidc/endpoint/EkmfOpenIdConnect/token |
clientId | Client ID. You can get this parameter value from the EKMF Web configuration. | client1 |
clientSecretPassword | Password associated with the client ID. You can get this parameter value from the EKMF Web configuration. | client1_password |
username | Username of the EKMF Web server. You can get this parameter value from the EKMF Web configuration. | user1 |
password | Password associated with the username of the EKMF Web server. You can get this parameter value from the EKMF Web configuration. | user1_password |
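
Because the master key alias cannot be changed directly after it is configured, it is worth checking the property values before they are submitted. The following pre-flight check is an added example, not IBM's code and not the product's REST payload format. The dictionary layout (a `hosts` list of per-host dictionaries), the function names, the https requirement on `oidcUrl`, and the treatment of every parameter other than `masterKeyAlias` as required are assumptions; `hostPreferenceSequence` is left out because the table gives no sample value for it.

```python
import re
from urllib.parse import urlparse

# Rule from the table: uppercase letters and numbers only, 7 characters long.
ALIAS_RE = re.compile(r"[A-Z0-9]{7}")
HOST_FIELDS = ("host", "port", "oidcUrl", "clientId",
               "clientSecretPassword", "username", "password")
SECRET_FIELDS = {"clientSecretPassword", "password"}


def validate(props):
    """Return a list of problems; an empty list means no problem was found."""
    errors = []
    if not props.get("templateName"):  # assumed to be required
        errors.append("templateName is required")
    alias = props.get("masterKeyAlias")
    # Optional (the server defaults to KLMnKEY), but not changeable afterwards.
    if alias is not None and not ALIAS_RE.fullmatch(alias):
        errors.append("masterKeyAlias must be 7 uppercase letters/digits")
    hosts = props.get("hosts") or []
    if not hosts:  # assumption: at least one EKMF Web host is configured
        errors.append("hosts must list at least one EKMF Web host")
    for i, h in enumerate(hosts):
        for field in HOST_FIELDS:
            if h.get(field) in (None, ""):
                errors.append(f"hosts[{i}].{field} is missing")
        port = h.get("port")
        if port not in (None, "") and not (
                str(port).isdigit() and 1 <= int(port) <= 65535):
            errors.append(f"hosts[{i}].port is not a valid TCP port")
        url = urlparse(str(h.get("oidcUrl") or ""))
        # Assumption: client credentials must only travel to the OIDC server over TLS.
        if h.get("oidcUrl") and (url.scheme != "https" or not url.hostname):
            errors.append(f"hosts[{i}].oidcUrl must be an https URL")
    return errors


def redact(props):
    """Return a copy that is safe to log: secret fields are masked."""
    safe = dict(props)
    safe["hosts"] = [{k: "***" if k in SECRET_FIELDS else v for k, v in h.items()}
                     for h in props.get("hosts", [])]
    return safe


# Constructed sample, built from the sample values in the table above.
SAMPLE = {"templateName": "TEMPGKLM", "masterKeyAlias": "MKEY123", "hosts": [{
    "host": "ekmf_server_hostname", "port": 443,
    "oidcUrl": "https://oidc-server/oidc/endpoint/EkmfOpenIdConnect/token",
    "clientId": "client1", "clientSecretPassword": "client1_password",
    "username": "user1", "password": "user1_password"}]}
```

Log only the output of `redact()`; the client secret and the user password would otherwise end up in plain text in shell history or job logs.
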
Procedure
What to do next
Step 3: Import the EKMF Web certificate and OIDC server certificate. When you import the EKMF Web certificate, for the Trust this certificate for field, choose EKMF Web. Similarly, for the OIDC certificate choose OIDC. For instructions, see Importing a system peripheral certificate.
Step 4: Set up the master key in EKMF Web. For instructions, see Setting up the master key in EKMF Web.