keyring unlock

Unlock a specified keyring that has been locked due to reaching the consecutive failed login limit (10 attempts). The Crypto Officer for the cluster partition (see The Cluster Partition) must provide authentication.

NOTE Thales requires minimum Luna Appliance Software 7.8.5 with the lnh_cluster-1.0.4 package, Luna HSM Firmware 7.8.4, and Luna HSM Client 10.7.2 to use clusters in production environments, or minimum Luna Appliance Software 7.9.0 with the lnh_cluster-1.0.5 package, Luna HSM Firmware 7.8.4, and Luna HSM Client 10.8.0 to migrate keys from Luna application partitions.

NOTE The KRCO password is what your applications will specify to access the keyring and create and use objects. Thales recommends that you always use the most secure password possible. The length of your KRSO/KRCO password affects the behavior of the keyring as follows:

>If the KRCO password is 16 characters or shorter, the keyring is locked after 10 failed login attempts and must be unlocked before it can be used again:

PATCH /api/keyrings/{keyringID}

lunash:> keyring unlock {-keyringid <string> | -label <name>} [-copassword <password>]

>If the KRCO password is 17 characters or longer, the lockout counter is not incremented.

Failed login attempts using 6 characters or less never increment the counter.

REST API: PATCH /api/keyrings/{keyringID}

User Privileges

Users with the following privileges can perform this command:

>Admin

Syntax

keyring unlock {-keyringid <string> | -label <name>} [-copassword <password>]

Argument(s)	Shortcut	Description
-copassword	-c	Specifies the Crypto Officer password for the cluster partition. If this option is omitted on a password-authenticated HSM, LunaSH prompts for the password. If this option is included on a multifactor quorum-authenticated HSM and the partition is not activated, it is ignored.
-keyringid	-k	Specifies the UUID of the keyring to be unlocked. Use lunash:> keyring list to display a list of available keyrings and their UUIDs.
-label	-l	Specifies the label of the keyring to be unlocked.

Example

lunash:>keyring unlock -copassword iamtheCO -keyringid e921c334-3d11-4797-a10f-e98bc9ed5621

Success

Command Result : 0 (Success)



	SUPPORT	LEGAL
Luna Network HSM 7 Documentation © Copyright 2001-2025, Thales Group Last Updated: 2025-09-08 10:09:58 GMT-05:00	Customer Release Notes Customer Support Portal Support Contacts	End User License Agreement Third Party Software Licenses Document Information