CCKM Administration
This document describes CipherTrust Manager interfaces to use CipherTrust Cloud Key Manager. The document explains how to:
Add the AWS KMS account and Azure vault to the CCKM
Manage AWS and Azure keys on the CCKM
Perform scheduling operations for AWS and Azure keys
It is assumed, for this document, that you have already configured the CipherTrust Manager appliance. Refer to the CipherTrust Manager product documentation for instructions.
The next step is to activate and install the CCKM license. Refer to Licensing for details.
Workflow
This section describes the high level steps to manage keys using CCKM:
Add a connection between the CipherTrust Manager and the supported cloud. This is needed to grant CCKM the access to the cloud service users with valid user credentials.
Test the connection. The connection must be in the ready state.
Add the container that contains the keys to be managed. A container is an AWS account or an Azure key vault.
When adding a container, you need to select the corresponding connection.
Synchronize the container to download its keys to CCKM. Synchronizing a container might take significant amount of time depending on the number of keys stored in it.
After a container is synchronized successfully, the downloaded keys can be managed on CCKM itself.
Manage keys. With CCKM, you can perform supported key operations such as adding, editing, and rotating keys.
CCKM also provides options to schedule key operations for the supported cloud. Refer to relevant sections in the CCKM Administration and CCKM API documentation for more details about the steps listed above and other CCKM features.