Parameters to install IBM Security Guardium Key Lifecycle Manager container
Use this topic to understand the parameters that are used to install an IBM Security Guardium Key Lifecycle Manager container.
Parameter | Mandatory/Optional | Description |
---|---|---|
Container name | ||
name | Mandatory | Name for the container. |
Environment variables | ||
DB_PASSWORD | Mandatory | Password to connect to the database instance where the IBM Security Guardium Key Lifecycle Manager database is running |
DB_TYPE | Optional | Type of the database. Depending on the database that you use, specify one of the following
values:
Note: This parameter is ignored in the subsequent run commands when the
same value of the sklmAppVolume parameter is used.
|
DB_USER | Optional | User name of the database. Default value: sklmdb41 |
DB_NAME | Optional | Name of the database. When the value of DB_TYPE is zos_db, specify the location name of the database. Default value: sklmdb41 |
DB_PORT | Mandatory | Port number of the database instance where the IBM Security Guardium Key Lifecycle Manager database is running |
DB_HOST | Mandatory | IP address or fully qualified host name of the system that hosts the database instance where the IBM Security Guardium Key Lifecycle Manager database is running. You can use the same system to host the database instance and the application container, or choose a different system for each of them. |
LICENSE | Mandatory | Variable to accept license terms. Specify value as accept. |
SKLM_SEED | Mandatory | Secret passcode that is unique for a deployment, and must be stored securely. The value is a
random string of 32 or 64 characters that you can generate using an external utility. Note: Ensure that the value of this parameter in the subsequent run commands is the same
as that used in the first run command, when the same value of the sklmAppVolume
parameter is used.
|
LIBERTY_KEY_STORE_PASSWORD | Optional | Password for the IBM Security Guardium Key Lifecycle Manager keystore.
Default value: Ch@ngemypa55word
Note: Ensure that the value of this parameter in the subsequent run commands is the same
as that used in the first run command, when the same value of the sklmAppVolume
parameter is used.
|
LIBERTY_KEY_STORE_PASSWORD_OLD | Optional | Old password for the IBM Security Guardium Key Lifecycle Manager keystore.
If you want to change the keystore password, specify the current password as the value of this
parameter, and the new password in the LIBERTY_KEY_STORE_PASSWORD parameter.
Default value: Ch@ngemypa55word
Note: Ensure that the value of this parameter in the subsequent run commands is the same
as that used in the first run command, when the same value of the sklmAppVolume
parameter is used.
|
LIBERTY_AES_ENCRYPTION_KEY | Optional | Key for encrypting the password for the IBM Security Guardium Key Lifecycle Manager administrator user with the AES algorithm. If you do not provide a value for this property, IBM Security Guardium Key Lifecycle Manager uses the value of the SKLM_SEED parameter for encryption. |
HEALTH_AUTHORIZATION_TOKEN | Optional | Health token in your Kubernetes environment. Note: This parameter is applicable only when you
are deploying on a Kubernetes cluster by using Helm charts.
|
Port numbers | ||
9443 | Mandatory | Port number for the graphical user interface. |
5696 | Mandatory | KMIP TLS port |
1441 | Mandatory | IPP TLS port |
3801 | Mandatory | IPP TCP port |
2222 | Optional | Required if you plan to configure replication. |
1111 | Optional | Required if you plan to configure replication. |
Persistent storage | ||
sklmAppVolume | Mandatory | Persistent storage to store the application server configuration and metadata
information. Sample value: /opt/ibm/wlp/usr/products |
Sample environment variables file content
- Installing IBM Security Guardium Key Lifecycle Manager on IBM zCX environment with Db2 on z/OS
-
DB_TYPE=zos_db DB_NAME=sklmdb41 DB_USER=sklmdb41 DB_PASSWORD=xxxxx DB_HOST=9.x.x.x DB_PORT=446 LICENSE=accept SKLM_SEED=68d95f0081f1dbfc0b06de9b0916df1c SKLMADMIN_USERNAME=sklmadmin SKLMADMIN_PASSWORD=adminpassword
- Installing IBM Security Guardium Key Lifecycle Manager on IBM zCX environment with PostgreSQL
-
DB_TYPE=postgres DB_NAME=sklmdb41 DB_USER=sklmdb41 DB_PASSWORD=xxxxx DB_HOST=9.x.x.x DB_PORT=5432 LICENSE=accept SKLM_SEED=68d95f0081f1dbfc0b06de9b0916df1c SKLMADMIN_USERNAME=sklmadmin SKLMADMIN_PASSWORD=adminpassword