Connect to a Keystore

Before you can enroll your applications, add databases and enable encryption, you must enroll your Keystore so Baffle Manager can access and/or create data encryption keys (DEKs) that will be used to protect your data. 

Baffle Data Protection Services supports various Keystore vendors using industry standard protocols such as KMIP, PKCS#11, and REST APIs. Follow the steps below to enroll a Keystore for use with Baffle Shields and databases. 

The general procedure for connecting to a keystore is the same for all platforms.

To connect to the keystore, do the following:

  1. Display a list of configured keystores. After logging into Baffle Manager, click the key icon in the left navigation bar. If this is the first time you are enrolling a Keystore, there will only exist the “baffle_credential_store” that was created in the previous section. 

    Key_icon.png
  2. Click +KEYSTORE in the top right corner to add a new Keystore.

    Keystore__Keystore.png
  3. Enter a Keystore name and description.  
  4. Select the Keystore Type from the dropdown menu and enter respective credentials and parameters. NOTE: Keystore parameters are specific to each Keystore type or vendor. Each of the following keystores has a specific set of required credentials and parameters:
    LOCAL – follow instructions in step 5 on this page
    AWS KMS – click the link and follow the instructions 
    Azure Key Vault – click the link and follow the instructions
    – Cloud HSM  – fill in appropriate fields
    –  IBM Key Protect – click the link and follow the instructions
    – SafeNet KeySecure – fill in appropriate fields
    – Generic HSM – fill in appropriate fields
    –  HashiCorp Vault – click the link and follow the instructions
  5. To add a LOCAL keystore, do the following:
    a. Enter a Keystore Name of up to 30 characters.
    b. Enter a Description of up to 100 characters.
    c. From the Keystore Type drop-down menu, select LOCAL.
    d. Enter the Baffle Secret Key in the text field.
    NOTE: The Baffle Secret Key must contain at least 10 characters, a mixture of upper and lower case, including at least 1 number.
  6. Click Add Keystore.

Next Steps:

 

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.