Before you can enroll your applications, add databases, and enable encryption, you must enroll your Keystore so that Baffle Manager can access and/or create the data encryption keys (DEKs) that will be used to protect your data.
Baffle Data Protection Services supports various Keystore vendors using industry standard protocols such as KMIP, PKCS#11, and REST APIs. Follow the steps below to enroll a Keystore for use with Baffle Shields and databases.
The general procedure for connecting to a keystore is the same for all platforms.
To connect to the keystore, do the following:
1. Display the list of configured keystores. After logging into Baffle Manager, click the key icon in the left navigation bar. If this is the first time you are enrolling a Keystore, the only entry will be the “baffle_credential_store” that was created in the previous section.
2. Click +KEYSTORE in the top right corner to add a new Keystore.
3. Enter a Keystore name and description.
4. Select the Keystore Type from the drop-down menu and enter the corresponding credentials and parameters. NOTE: Keystore parameters are specific to each Keystore type or vendor. Each of the following keystores has its own set of required credentials and parameters:
   – LOCAL – follow the instructions in step 5 on this page
   – AWS KMS – click the link and follow the instructions
   – Azure Key Vault – click the link and follow the instructions
   – Cloud HSM – fill in the appropriate fields
   – IBM Key Protect – click the link and follow the instructions
   – SafeNet KeySecure – fill in the appropriate fields
   – Generic HSM – fill in the appropriate fields
   – HashiCorp Vault – click the link and follow the instructions
5. To add a LOCAL keystore, do the following:
   a. Enter a Keystore Name of up to 30 characters.
   b. Enter a Description of up to 100 characters.
   c. From the Keystore Type drop-down menu, select LOCAL.
   d. Enter the Baffle Secret Key in the text field.
   NOTE: The Baffle Secret Key must be at least 10 characters long and contain both upper-case and lower-case letters and at least 1 number.
6. Click Add Keystore.
7. Continue with Connect to a Data Store.
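The LOCAL keystore's Baffle Secret Key is the root of trust for every DEK that Baffle Manager derives or wraps with it, so it is worth generating it from a cryptographically secure random source and checking it against the stated policy before pasting it into the form. The following script is an added example, not part of Baffle's documentation or product; the policy it enforces (minimum 10 characters, upper- and lower-case letters, at least one digit) is the one stated in the note above, while the generated length of 32 and the letters-plus-digits alphabet are assumptions, since the page does not state an upper bound or the permitted character set.

```python
import secrets
import string
from typing import List

# Policy from the Baffle Manager note: at least 10 characters, upper- and
# lower-case letters, and at least one number.
MIN_LENGTH = 10

# Assumption: the page gives no allowed character set, so the generator sticks
# to ASCII letters and digits, which the policy explicitly requires.
ALPHABET = string.ascii_letters + string.digits


def check_baffle_secret_key(key: str) -> List[str]:
    """Return the list of policy violations; an empty list means the key is acceptable."""
    problems = []
    if len(key) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in key):
        problems.append("no upper-case letter")
    if not any(c.islower() for c in key):
        problems.append("no lower-case letter")
    if not any(c.isdigit() for c in key):
        problems.append("no digit")
    return problems


def generate_baffle_secret_key(length: int = 32) -> str:
    """Draw a key from the OS CSPRNG (secrets module) and retry until it passes the policy.

    The default length of 32 is an assumption; the page only states a minimum of 10.
    """
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # A random 32-character draw almost always passes; the loop covers the rare miss.
        if not check_baffle_secret_key(candidate):
            return candidate


if __name__ == "__main__":
    # Constructed sample keys, not real credentials.
    for sample in ("Abcdefghi1", "abcdefghij", "Short1"):
        violations = check_baffle_secret_key(sample)
        print(f"{sample!r}: {'OK' if not violations else ', '.join(violations)}")
    print("generated:", generate_baffle_secret_key())
```

Run it once, paste the generated value into the Baffle Secret Key field, and store that same value in whatever secrets manager protects the rest of your deployment credentials; the key is not recoverable from Baffle Manager later, and a LOCAL keystore has no external KMS to fall back on.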