Configure the HSM
This step is only needed for on-premises Primus HSM setups. Skip this step if you are using CloudHSM.
This page gives an overview of how to prepare a Primus HSM for use with the KMIP Server. For full details and exact steps, see the Primus HSM User Guide.
This guide assumes that you have done the basic setup of the HSM, have completed the Initial Wizard, defined your networking settings, and have Security Officer (SO) roles configured.
Step 1: Create a Partition
Create a Partition that the Key Manager UI can use. Note down the Setup Password.
For detailed instructions, see Section 5.5 "User (Partition)" of the Primus HSM User Guide.
Step 2: Configure the Device
In the Device Security Config, enable the JCE API.
Additionally, make sure that the Root Key Store is set up. For detailed instructions, see Section 6 "Attestation and Audit (Device, User, Key)" of the Primus HSM User Guide.
Step 3: Configure the Partition
In the User Security Configuration of your Partition, enable User Configuration, JCE, REST API, and KMIP.
For details, see Section 3.9 "Individual User Configuration" and Section 4 "Menu Structure" of the Primus HSM User Guide.
- PSO: User Config ➜ Edit ➜ (setting), for the following settings:
  - User Configuration
  - JCE
  - REST API
  - KM System
- UI: Setup ➜ Configuration ➜ Security ➜ User Security ➜ (User) ➜ (setting), for the following settings:
  - User Configuration
  - JCE
  - REST API
  - KM System
- Console:
    hsm_user_enter_config
    hsm_user_set_config use_usr_cnf=true
    hsm_user_set_config jce=true
    hsm_user_set_config rest_api=true
    hsm_user_set_config km_system=true
    hsm_user_list_config jce
    hsm_user_exit_config
If you want to use Smart Key Attributes, also enable Key Authorization and the TSB Workflow Engine.