You can add or modify an AWS Key Management Service (KMS) Server from the CommCell Console using the access information.
Before You Begin
- The AWS KMS account that you configure must have the following permissions:
  - kms:CreateKey
  - kms:Decrypt
  - kms:DisableKeyRotation
  - kms:Encrypt
  - kms:ScheduleKeyDeletion
- To use your own key, obtain the key ID provided by your key management service (KMS) provider after you import or generate the key using the KMS provider interface.
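The following is an added example, not Commvault or AWS code: it checks an IAM policy document against the five permissions listed above so that a missing one is caught before the credentials are entered in the console. The policy JSON is constructed sample input, and the checker evaluates only the Action element of Allow and Deny statements (Resource, Condition, NotAction and any other attached policies are ignored).

```python
import json
from fnmatch import fnmatchcase

# Permissions the page requires for the AWS KMS account.
REQUIRED = ["kms:CreateKey", "kms:Decrypt", "kms:DisableKeyRotation",
            "kms:Encrypt", "kms:ScheduleKeyDeletion"]

# Constructed sample: kms:Decrypt is missing, kms:Encrypt comes from a wildcard.
SAMPLE_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["kms:CreateKey", "kms:Enc*", "kms:DisableKeyRotation"],
     "Resource": "*"},
    {"Effect": "Allow", "Action": "kms:ScheduleKeyDeletion", "Resource": "*"}
  ]
}"""


def _as_list(value):
    """IAM accepts a single string/object where a list is expected."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _matches(pattern, action):
    # IAM action names are case-insensitive; * and ? act as wildcards.
    return fnmatchcase(action.lower(), pattern.lower())


def missing_permissions(policy_json, required=REQUIRED):
    """Return the required actions that the policy document does not grant."""
    allowed, denied = [], []
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        actions = _as_list(stmt.get("Action"))
        if stmt.get("Effect") == "Allow":
            allowed.extend(actions)
        elif stmt.get("Effect") == "Deny":
            denied.extend(actions)
    missing = []
    for action in required:
        granted = any(_matches(p, action) for p in allowed)
        blocked = any(_matches(p, action) for p in denied)  # explicit Deny wins
        if not granted or blocked:
            missing.append(action)
    return missing


if __name__ == "__main__":
    print("Missing:", missing_permissions(SAMPLE_POLICY) or "none")
```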
Procedure
1. From the CommCell Console ribbon, on the Home tab, click Control Panel.
   The Control Panel window appears.
2. Under Storage, click Key Management Servers.
   The Encryption Key Management Servers dialog box appears.
3. Click Add, and then select AWS KMS.
   The Key Provider Properties dialog box appears.
4. In the Key Provider Name box, enter a unique name for the key provider.
5. From the Region list, select the region where AWS hosts the key management service.
6. From the Authentication Type list, select one of the following options: Access & Secret Keys or IAM Role Policy.
7. If you selected Access & Secret Keys, then enter the following information:
   - In the Access Key box, enter the AWS access key.
   - In the Secret Access Key box, enter the AWS secret access key.
8. To use an access node, complete the following steps:
   a. Select the Use Access Node checkbox.
      The Access Nodes area appears.
   b. Click Add.
      The Access Node dialog box appears.
   c. From the Access Node list, select the MediaAgent that you want to use as the access node.
   d. For information about authentication, see steps 6 and 7 above.
   e. Click OK.
9. To use your own key, complete the following steps:
   a. Click the Bring Your Own Keys tab.
   b. To enable Bring Your Own Key (BYOK), select the Enable Bring Your Own Keys checkbox.
   c. To add a key, complete the following steps:
      i. Click Add.
         The Bring Your Own Key dialog box appears.
      ii. Enter the Key ID, and then click OK.
10. Click OK.