Manage KMS using GUI

Explore procedures for managing Key Management System (KMS) integration with the WEKA system using the GUI.

Using the GUI, you can:

Configure a KMS

Configure the KMS of either HashiCorp Vault or KMIP within the WEKA system to encrypt filesystem keys securely.

Before you begin

Ensure the KMS is preconfigured, and the key and a valid token are readily available.

Procedure

  1. From the menu, select Configure > Cluster Settings.

  2. From the left pane, select Security.

  3. On the Security page, select Configure KMS.

  4. On the Configure KMS dialog, select the KMS type to deploy: HashiCorp Vault or KMIP.

  5. Set the connection properties according to the selected KMS type. Select the relevant tab for details:

To configure the HashiCorp Vault connection from the GUI, set the following properties.

  • Address: The KMS server address.

  • Key Identifier: The key name used to secure the filesystem keys.

  • Role ID: The Role ID for AppRole authentication, provided by the Vault administrator.

  • Secret ID: The Secret ID for AppRole authentication, provided by the Vault administrator.

  • Namespace: The namespace in Vault that identifies the logical partition for organizing data and policies. Namespace names must not end with /, avoid spaces, and refrain from using reserved names like root, sys, audit, auth, cubbyhole, and identity.

The GUI procedure configures HashiCorp Vault for per-filesystem encryption, which uses the AppRole authentication method. To configure cluster-wide encryption (using either a token or AppRole), use the CLI. See Configure the KMS.

HashiCorp Vault type configuration

  1. Select Save.

Related topics

Obtain an API token from the vault

Obtain a certificate for a KMIP-based KMS

View the KMS configuration

Procedure

  1. From the menu, select Configure > Cluster Settings.

  2. From the left pane, select Security. The Security page displays the configured KMS.

View the configured KMS

Update the KMS configuration

Update the KMS configuration in the WEKA system when changes occur in the KMS server details or cryptographic keys, ensuring seamless integration and continued secure filesystem key encryption.

If your system is upgraded to version 4.4.2 or higher, the Update KMS Configuration screen displays a configuration with the Token parameter. Reset the KMS configuration and configure it using the new Role ID and Secret ID parameters.

Procedure

  1. From the menu, select Configure > Cluster Settings.

  2. From the left pane, select Security.

  3. The Security page displays the configured KMS.

  4. Select Update KMS, and update the settings. For the parameter descriptions, see Configure a KMS.

  5. Select Save.

Reset the KMS configuration

Reseting a KMS configuration is possible only if no encrypted filesystems exist.

Procedure

  1. From the menu, select Configure > Cluster Settings.

  2. From the left pane, select Security.

  3. The Security page displays the configured KMS.

  4. Select Reset KMS.

  5. In the message that appears, select Yes to confirm the KMS configuration reset.

PreviousManage KMSNextManage KMS using CLI

Last updated