Step 1: Enter KMS Details

In Step 1 (Enter KMS Details) of the Add a Key Management Server wizard, you provide details about the KMS or KMS cluster.

Procedure

  1. Select Configuration > System Settings > Key Management Server.
    The Key Management Server page appears with the Configuration Details tab selected.
    KMS Configuration Details No KMS
  2. Select Create.
    Step 1 (Enter KMS Details) of the Add a Key Management Server wizard appears.
    KMS Step 1 Enter KMS Details
  3. Enter the following information for the KMS and the StorageGRID client you configured in that KMS.
    Field Description
    KMS Display Name A descriptive name to help you identify this KMS. Must be between 1 and 64 characters.
    Key Name The exact key alias for the StorageGRID client in the KMS. Must be between 1 and 255 characters.
    Manages keys for The StorageGRID site that will be associated with this KMS. If possible, you should configure any site-specific key management servers before configuring a default KMS that applies to all sites not managed by another KMS.
    • Select a site if this KMS will manage encryption keys for the appliance nodes at a specific site.
    • Select Sites not managed by another KMS (default KMS) to configure a default KMS that will apply to any sites that do not have a dedicated KMS and to any sites you add in subsequent expansions.
    Note: A validation error will occur when you save the KMS configuration if you select a site that was previously encrypted by the default KMS but you did not provide the current version of original encryption key to the new KMS.
    Port The port the KMS server uses for Key Management Interoperability Protocol (KMIP) communications. Defaults to 5696, which is the KMIP standard port.
    Hostname The fully qualified domain name or IP address for the KMS.
    Note: The SAN field of the server certificate must include the FQDN or IP address you enter here. Otherwise, StorageGRID will not be able to connect to the KMS or to all servers in a KMS cluster.
  4. If you are using a KMS cluster, select the plus sign Icon Plus Sign to add a hostname for each server in the cluster.
  5. Select Next.
    Step 2 (Upload Server Certificate) of the Add a Key Management Server wizard appears.