Key Management Service installation
04/14/2025
A Key Management Service (KMS) must be installed before installing the Key Broker System (KBS). The Intel KBS is compatible with two key management systems, HashiCorp Vault and PyKMIP. Select the key management system that fits your environment and follow the corresponding instructions.
Follow these instructions to install the HashiCorp Vault KMS. If your organization uses the PyKMIP KMS, follow the instructions on the Install PyKMIP tab instead.
Install Vault according to the instructions provided here: https://developer.hashicorp.com/vault/tutorials/getting-started/getting-started-install.
Create a Vault server config file: https://developer.hashicorp.com/vault/docs/configuration.
Start the Vault server: https://developer.hashicorp.com/vault/docs/commands/server.
Initialize the Vault server: https://developer.hashicorp.com/vault/docs/commands/server. Securely store the keys.
Unseal the Vault server: https://developer.hashicorp.com/vault/docs/commands/operator/unseal.
Log in to Vault by running the following command:
vault login <root-token>
Enable a kv secrets engine for KBS to use.
vault secrets enable -path=keybroker kv
In the KBS config file, add the following Vault server information:
VAULT_SERVER_IP=<vault server IP address>
VAULT_SERVER_PORT=<vault port number; default 8200>
VAULT_CLIENT_TOKEN=<vault root token>
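Because the KBS config file now holds a Vault token, it is worth checking the file and the server before installing KBS. The following pre-flight script is an added example, not part of the Intel or HashiCorp documentation. It assumes the three settings appear as KEY=value, one per line, that the config file path is passed as an argument, and that the vault CLI is already logged in with VAULT_ADDR set.

```sh
#!/bin/sh
# Added example: pre-flight checks for the Vault settings KBS will use.
# Assumption: the KBS config file holds KEY=value lines, one per line.

# Print the value of key $2 from config file $1 (empty if the key is missing).
cfg_get() {
    sed -n "s/^[[:space:]]*$2=[[:space:]]*//p" "$1" | tail -n 1
}

# Return 0 if the three Vault settings in file $1 are well-formed and the
# file is not accessible to group/other (it holds a Vault token).
check_kbs_vault_cfg() {
    f=$1
    [ -r "$f" ] || { echo "cannot read $f" >&2; return 1; }
    ip=$(cfg_get "$f" VAULT_SERVER_IP)
    port=$(cfg_get "$f" VAULT_SERVER_PORT)
    token=$(cfg_get "$f" VAULT_CLIENT_TOKEN)
    rc=0
    [ -n "$ip" ] || { echo "VAULT_SERVER_IP is missing" >&2; rc=1; }
    case $port in
        ''|*[!0-9]*) echo "VAULT_SERVER_PORT is not a number" >&2; rc=1 ;;
        *) [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
               { echo "VAULT_SERVER_PORT is out of range" >&2; rc=1; } ;;
    esac
    case $token in
        ''|'<'*) echo "VAULT_CLIENT_TOKEN is empty or a placeholder" >&2; rc=1 ;;
    esac
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] ||
        { echo "$f is accessible to group/other; chmod 600 it" >&2; rc=1; }
    return $rc
}

# Return 0 if the Vault server the CLI points at is unsealed and has a
# secrets engine mounted at keybroker/ (the path enabled above).
check_vault_ready() {
    vault status >/dev/null 2>&1 ||
        { echo "Vault is sealed or unreachable" >&2; return 1; }
    vault secrets list -format=json | grep -q '"keybroker/"' ||
        { echo "no secrets engine mounted at keybroker/" >&2; return 1; }
}

# Run both checks when a config path is given on the command line.
if [ $# -ge 1 ]; then
    check_kbs_vault_cfg "$1" && check_vault_ready
fi
```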