Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

HashiCorp Vault

Installing and Configuring the SafeNet ProtectApp PKCS#11 Provider

search
printsuggest an editpdf paneldownload

Installing and Configuring the SafeNet ProtectApp PKCS#11 Provider

This section covers the following:

copy link to clipboardInstalling the SafeNet ProtectApp PKCS#11 Provider

Perform the following steps to install the SafeNet ProtectApp PKCS#11 Provider.

  1. Unzip the SafeNet ProtectApp PKCS#11 installer.

    For example:

    tar -xzf <source_directory/tar_file_name> -C <destination_directory>

  2. Create the /opt/hashi/<ARCH>/hsm/safenet/<VERSION> directory. The HashiCorp Vault user must have appropriate access permissions on /opt/.

    Note

    <ARCH> is the system architecture (either 32 or 64), and <VERSION> is the software version number (for example, 8.3.2). This point onward, in this document, <ARCH> is used as 64 and <VERSION> as 8.3.2. If the system architecture and version are different, adjust these values accordingly.

  3. Copy the library file libIngPKCS11.so-8.3.2.000 from the extracted /root/Ingrian_pkcs11-8.3.2.000/lib directory to /opt/hashi/64/hsm/safenet/8.3.2.

    For example:

    cp libIngPKCS11.so-8.3.2.000 /opt/hashi/64/hsm/safenet/8.3.2

    Note

    The receiving directory is a fixed location. HashiCorp Vault searches for this directory. It cannot be changed. Changing the directory name results in a "cannot find PKCS11 library" error.

  4. Copy the IngrianNAE.properties file from extracted /root/Ingrian_pkcs11-8.3.2.000 directory to /opt/hashi/64/hsm/safenet/8.3.2.

    For example:

    cp IngrianNAE.properties /opt/hashi/64/hsm/safenet/8.3.2

  5. Rename libIngPKCS11.so-8.3.2.000 as libIngPKCS11.so.

    For example:

    mv libIngPKCS11.so-8.3.2.000 libIngPKCS11.so

  6. Export the following environment variables.

    export SFNT_HSMAPI_BASE=/opt/hashi/64/hsm/safenet/8.3.2
export NAE_Properties_Conf_Filename=$SFNT_HSMAPI_BASE/IngrianNAE.properties
export IngrianNAE_Properties_Conf_Slot_ID_Max=100
export IngrianNAE_Properties_Conf_SessionID_Max=100
export AES_GCM_TAG_LEN=6

copy link to clipboardConfiguring the SafeNet ProtectApp PKCS#11 Provider

The basic configuration parameters that are required to be changed are:

  • NAE_IP‌

  • NAE_Port

  • Protocol

  • CA_File

  • Cert_File

  • Key_File

  • Log_Level

  • Log_File

You can further configure the SafeNet ProtectApp PKCS#11 Provider to meet the requirements of your environment. Refer to Configuring the Properties File for more details.

On this page