> CommCell Console > Storage > Command Line > MediaAgent QCommands Using XML Files > Key Management Server

Adding a Key Management Server

You can use XML to add a key management server.

  1. Use the qlogin command to log on to the CommServe computer.

  2. Download the Add_KMS.xml file and save it on the computer where the command is run.

  3. The following table displays the parameters you can use with the command..

    Attribute

    Description

    Parent Element

    keyProviderName

    The name of the key provider.

    provider

    keyProviderType

    The type of the key provider.

    To add a Safenet or Vormetric key management server, set the value to KMIP.

    To add an AWS key management server, set the value to AWS_KMS.

    To add a passphrase key management server, set the value to PASSPHRASE.

    keyProvider

    encryptionKeyLength

    The key length to use with the AES cipher.

    The following are the supported key lengths for AES cipher:

    • 128

    • 256

    keyProvider

    host

    The IP address or hostname of the third-party key management server. In case of a cluster server, specify the host values of all servers separated with a comma during command execution.

    Note: For CommCell migration, make sure that both the source and the destination CommCells are pointing to the same third-party key management server.

    properties

    port

    The port used by the key management server.

    In case of a cluster server, all servers should use the same port.

    properties

    certFilePath

    The location of the client certificate.

    Example: C:\Certificates\client.crt (for Salefent) and C:\Certificates\client.pem (for Vormetric)

    properties

    sslPassPhrase

    The passphrase of the certificate if set.

    properties

    keyFilePath

    The location of the client certificate key.

    Example: C:\Certificates\clientkey (for Safenet) and C:\Certificates\client_private.pem (for Vormetric)

    properties

    caCertFilePath

    The location of the key management server CA certificate.

    Example: C:\Certificates\Local_CA.crt (for Safenet) and C:\Certificates\1.2.3.4_CA.pem (for Vormetric)

    properties

    regionName

    The region where AWS hosts the Key Management Service.

    properties

    userName

    The AWS Access Key.

    userAccount

    password

    The AWS Secret Access Key.

    userAccount

    passphrase

    The passphrase for the passphrase key management server.

    properties

    clientName

    The name of the client to store the passphrase file for a passphrase key management server.

    client

    path

    The location to export the passphrase file for a passphrase key management server.

    filePath

  4. To add a Safenet or Vormetric key management server, execute the following command from the <software_installation_directory>/Base folder after substituting the parameter values: 

    qoperation execute -af downloaded location\Add_KMS.xml -keyProviderName xxxxx -keyProviderType KMIP -encryptionKeyLength xxx -sslPassPhrase xxx -host xxx -port xxxx -certFilePath xxx -keyFilePath xxx -caCertFilePath xxx

    Example:

    Execute the following command to add a Safenet key management server with key provider name "Safenet", provider type "KMIP", encryption key length "128", passphrase "sslphrase!12", host "172.19.119.222", port "9002", client certificate location "C:\Certificates\client.crt". client certificate key location "C:\Certificates\clientkey", and key management server CA certificate location "C:\Certificates\Local_CA.crt".

    qoperation execute -af downloaded location\Add_KMS.xml -keyProviderName Safenet -keyProviderType KMIP -encryptionKeyLength 128 -sslPassPhrase sslphrase!12 -host 172.19.119.222 -port 9002 -certFilePath C:\Certificates\client.crt -keyFilePath C:\Certificates\clientkey -caCertFilePath C:\Certificates\Local_CA.crt

  5. To add an AWS key management server, execute the following command from the <software_installation_directory>/Base folder after substituting the parameter values: 

    qoperation execute -af downloaded location\Add_KMS.xml -keyProviderName xxxxx -keyProviderType AWS_KMS -regionName xxxx -userName xxxx -password xxxx

    Example:

    Execute the following command to add an AWS key management server with key provider name "AWS", provider type "AWS_KMS", region name "Asia Pacific (Mumbai)", Access Key "accesskey", and Secret Access Key "secretkey":

    qoperation execute -af downloaded location\Add_KMS.xml -keyProviderName AWS -keyProviderType AWS_KMS -regionName 'Asia Pacific (Mumbai)' -userName accesskey -password secretkey

  6. To add a passphrase key management server, execute the following command from the <software_installation_directory>/Base folder after substituting the parameter values: 

    qoperation execute -af downloaded location\Add_KMS.xml -keyProviderName xxxxx -keyProviderType PASSPHRASE -encryptionKeyLength xxx –passphrase xxx –passphraseClient/client/clientName xxx -passphraseClient/filePath/path xxxx

    Example:

    Execute the following command to add a passphrase key management server with key provider name "PassphraseKMS", provider type "PASSPHRASE", encryption key length "128", passphrase "demo passphrase", client name "client1", and passphrase file location "C:\Passphrase".

    qoperation execute -af c:\Xmls\Add_KMS.xml -keyProviderName PassphraseKMS -keyProviderType PASSPHRASE -encryptionKeyLength 128 –passphrase “demo passphrase” –passphraseClient/client/clientName client1 -passphraseClient/filePath/path c:\Passphrase

    Click here to see sample output.

×

Loading...