Integration with CipherTrust Manager
Perform the following steps to integrate HPE Ezmeral Data Fabric with the CipherTrust Manager:
Create a directory named tokens at /opt/mapr/conf/ to store the key files and change the owner to mapr.
mkdir /opt/mapr/conf/tokens
chown mapr:mapr /opt/mapr/conf/tokens
Run the following command to create the KMIP token for the first time and initialize the KMIP configuration:
mrhsm init -sopin <PIN for SO> -label "CipherTrustManager" -storetype kmip
After the keystore is initialized, use mrhsm set to configure the IP, port, certificates, KMIP version, and the SO PIN.
mrhsm set -sopin <PIN for SO> -ip <comma-separated list of KMIP server IP addresses> -port <KMIP port number. Default is 5696> -cacert <Path to KMIP server CA certificate in PEM format> -clientcert <Path to client certificate in PEM format> -clientkey <Path to client private key in PEM format> -kmipversion 1.1 -storetype kmip
Use the mrhsm info command to view the updated HSM configuration information and status.
mrhsm info
Run the following command to enable DARE on the current node:
mrhsm enable -dare
After the above command is executed, the keys are generated and you can verify the integration by matching the UUID keys.
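Before running mrhsm set, it is worth confirming that the three PEM paths point at the right kind of file and that the client private key is not readable by other accounts. The script below is an added example, not part of the HPE documentation or of mrhsm; its function names and sample files are hypothetical, and it checks PEM headers and file permissions only, not certificate validity or whether the key matches the certificate.

```shell
#!/bin/sh
# Added example: pre-flight checks on the PEM files passed to `mrhsm set`.
# Function names and sample files are hypothetical; mrhsm itself is not called.

# Print certificate, private-key or unknown, judged by the first PEM header.
pem_kind() {
    header=$(grep -e '^-----BEGIN ' -- "$1" 2>/dev/null | head -n 1 | tr -d '\r')
    case "$header" in
        '-----BEGIN CERTIFICATE-----')    echo certificate ;;
        '-----BEGIN '*'PRIVATE KEY-----') echo private-key ;;
        *)                                echo unknown ;;
    esac
}

# Succeed only if group and other hold no permission bits on the file.
owner_only() {
    [ "$(ls -ld -- "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# expect_kind OPTION FILE KIND: report a file whose PEM type is not KIND.
expect_kind() {
    kind=$(pem_kind "$2")
    [ "$kind" = "$3" ] && return 0
    echo "problem: -$1 $2: expected $3, found $kind"
    return 1
}

# preflight CACERT CLIENTCERT CLIENTKEY: returns the number of problems found.
preflight() {
    problems=0
    expect_kind cacert     "$1" certificate || problems=$((problems + 1))
    expect_kind clientcert "$2" certificate || problems=$((problems + 1))
    expect_kind clientkey  "$3" private-key || problems=$((problems + 1))
    if ! owner_only "$3"; then
        echo "problem: -clientkey $3: readable by group or other (chmod 600)"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed placeholder PEM files: headers only, no real key material.
make_samples() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'CONSTRUCTED' '-----END CERTIFICATE-----' > "$1/ca.pem"
    cp "$1/ca.pem" "$1/client.pem"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'CONSTRUCTED' '-----END PRIVATE KEY-----' > "$1/client.key"
    chmod 600 "$1/client.key"
}

if [ "$#" -eq 3 ]; then preflight "$@"; fi
```

Run it with the same three paths, in the order CA certificate, client certificate, client key; an exit status of 0 means no problems were found.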