Configuring a Key Management Server

You can configure a Key Management Server for volume encryption by creating the configuration file /etc/vx/enc-kms-kmip.conf on the KMIP client.

The configuration file must have the following information:

host

The hostname or IP address of the Key Management Server

port

The port number at which the Key Management Server accepts Key Management Interoperability Protocol (KMIP) clients

keyfile

The location of the private key to be used by the KMIP client, in Privacy Enhanced Mail (PEM) format

certfile

The location of the certificate to be used by the KMIP client, in PEM format

cacerts

The location of the root certificate to be used for mutual authentication, in PEM format

A sample configuration file is as follows:

[client]
host = kms-enterprise.example.com
port = 5696
keyfile = /var/kmip/certs/client-key.pem
certfile = /var/kmip/certs/client-crt.pem
cacerts = /var/kmip/certs/cacert.pem
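
The following pre-flight check is an added example, not part of the product documentation or its tooling. It parses a file in the format shown above and reports missing keys, an invalid port, unreadable or non-PEM files, and a private key that is accessible to group or other. The function name check_kmip_conf and the owner-only permission rule are assumptions (a common hardening practice, not a requirement stated on this page).

```python
import configparser
import os
import stat

REQUIRED = ("host", "port", "keyfile", "certfile", "cacerts")  # keys listed on this page
PEM_KEYS = ("keyfile", "certfile", "cacerts")                  # values that point at PEM files

def check_kmip_conf(path):
    """Return a list of problems found in a [client] KMIP configuration file."""
    cp = configparser.ConfigParser(interpolation=None)
    try:
        with open(path) as fh:
            cp.read_file(fh)
    except (OSError, configparser.Error) as exc:
        return [f"cannot parse {path}: {exc}"]
    if not cp.has_section("client"):
        return ["missing [client] section"]
    client = cp["client"]
    problems = [f"missing key: {k}" for k in REQUIRED if not client.get(k, "").strip()]
    port = client.get("port", "").strip()
    if port and not (port.isdecimal() and 1 <= int(port) <= 65535):
        problems.append(f"port out of range: {port}")
    for key in PEM_KEYS:
        pem = client.get(key, "").strip()
        if not pem:
            continue
        try:
            mode = os.stat(pem).st_mode
            with open(pem, "rb") as fh:
                head = fh.read(64)
        except OSError as exc:
            problems.append(f"{key}: cannot read {pem}: {exc.strerror}")
            continue
        if not head.lstrip().startswith(b"-----BEGIN "):
            problems.append(f"{key}: {pem} is not PEM encoded")
        # Assumption: the client private key should be accessible to its owner only.
        if key == "keyfile" and mode & (stat.S_IRWXG | stat.S_IRWXO):
            problems.append(f"keyfile: {pem} is accessible to group/other "
                            f"(mode {stat.S_IMODE(mode):o})")
    return problems

if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "/etc/vx/enc-kms-kmip.conf"
    issues = check_kmip_conf(target)
    print("\n".join(issues) or "OK")
    sys.exit(1 if issues else 0)
```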