HardwareSecurityModuleGroup

Description

API


    POST /api/hardwaresecuritymodulegroup
    PUT /api/hardwaresecuritymodulegroup/<key>
    DELETE /api/hardwaresecuritymodulegroup/<key>
    GET /api/hardwaresecuritymodulegroup
    GET /api/hardwaresecuritymodulegroup/<key>

CLI


    configure hardwaresecuritymodulegroup <key>
    show hardwaresecuritymodulegroup <key>

Data

HardwareSecurityModuleGroup

uuid

Type
string
Category
required
Description
UUID of the HSM Group configuration object

name

Type
string
Category
required
Description
Name of the HSM Group configuration object

hsm

Type
HardwareSecurityModule
Category
required
Description
Hardware Security Module configuration

tenant_ref

Type
Reference to Tenant
Category
required
Description

HardwareSecurityModule

type

Type
enum
Category
required
Description
HSM type to use
Choices
HSM_TYPE_THALES_NETHSM, HSM_TYPE_SAFENET_LUNA

rfs

Type
HSMThalesRFS
Category
optional
Description
Configuration of the Thales Remote File Server (RFS) used by the netHSMs

nethsm

Type
HSMThalesNetHsm
Category
repeated
Description
Thales netHSM specific configuration

sluna

Type
HSMSafenetLuna
Category
optional
Description
Safenet/Gemalto Luna/Gem specific configuration

HSMThalesRFS

ip

Type
IpAddr
Category
required
Description
IP address of the RFS server from which to sync the Thales encrypted private key

port

Type
uint32
Category
optional
Description
Port at which the RFS server accepts client sync requests for the Thales encrypted private key

IpAddr

addr

Type
string
Category
required
Description
IP address

type

Type
enum
Category
required
Description
Choices
V4, DNS

HSMThalesNetHsm

remote_ip

Type
IpAddr
Category
required
Description
IP address of the netHSM device

remote_port

Type
uint32
Category
optional
Description
Port at which the netHSM device accepts the connection

esn

Type
string
Category
required
Description
Electronic serial number (ESN) of the netHSM device. Use the Thales anonkneti utility to find the netHSM ESN

module_id

Type
uint32
Category
optional
Description
Local module id of the netHSM device
Default
0

keyhash

Type
string
Category
required
Description
Hash of the key that the netHSM device uses to authenticate itself. Use the Thales anonkneti utility to find the netHSM keyhash

priority

Type
uint32
Category
required
Description
Priority class of the netHSM in a high availability setup. 1 is the highest priority and 100 is the lowest priority
Default
100

HSMSafenetLuna

server

Type
HSMSafenetLunaServer
Category
repeated
Description
SafeNet/Gemalto HSM Servers used for crypto operations

is_ha

Type
bool
Category
required
Description
Set to indicate HA across more than one server
Default
False

ha_group_num

Type
uint32
Category
optional,readonly
Description
Group Number of generated HA Group

node_info

Type
HSMSafenetClientInfo
Category
repeated
Description
Node specific information

server_pem

Type
string
Category
optional,readonly
Description
Generated File - server.pem

HSMSafenetLunaServer

remote_ip

Type
string
Category
required
Description
IP address of the Safenet/Gemalto HSM device

server_cert

Type
string
Category
required
Description
CA certificate of the server

partition_passwd

Type
string
Category
optional
Description
Password of the partition assigned to this client

HSMSafenetClientInfo

client_priv_key

Type
string
Category
optional
Description
Client Private Key generated by createCert

client_cert

Type
string
Category
optional
Description
Client Certificate generated by createCert

client_ip

Type
string
Category
required
Description
Name prepended to client key and certificate filename

chrystoki_conf

Type
string
Category
optional,readonly
Description
Generated File - Chrystoki.conf
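
A pre-submission check for the `hsm` object, using the field names, enum choices and priority range from the definitions above. This is an added example, not code from the product: `validate_hsm` and the sample values are hypothetical, and requiring at least one `nethsm` or `server` entry for the selected type is an assumption.

```python
import ipaddress

def _require(obj, fields, path, errs):
    for f in fields:
        if obj.get(f) in (None, ""):
            errs.append(f"{path}.{f}: required")

def _check_ipaddr(ip, path, errs):
    _require(ip, ("addr",), path, errs)
    if ip.get("type") not in ("V4", "DNS"):
        errs.append(f"{path}.type: must be V4 or DNS")
    elif ip["type"] == "V4" and ip.get("addr"):
        try:
            ipaddress.IPv4Address(str(ip["addr"]))
        except ValueError:
            errs.append(f"{path}.addr: not an IPv4 address")

def validate_hsm(hsm):
    """Return a list of problems in a HardwareSecurityModule dict (empty if none)."""
    errs, kind = [], hsm.get("type")
    if kind == "HSM_TYPE_THALES_NETHSM":
        devices = hsm.get("nethsm") or []
        if not devices:  # assumption: this type needs at least one device entry
            errs.append("nethsm: no device configured")
        for i, dev in enumerate(devices):
            path = f"nethsm[{i}]"
            _require(dev, ("esn", "keyhash"), path, errs)  # device identity and auth
            _check_ipaddr(dev.get("remote_ip") or {}, path + ".remote_ip", errs)
            if not 1 <= dev.get("priority", 100) <= 100:
                errs.append(f"{path}.priority: must be 1 (highest) to 100 (lowest)")
    elif kind == "HSM_TYPE_SAFENET_LUNA":
        luna = hsm.get("sluna") or {}
        servers = luna.get("server") or []
        if not servers:  # assumption: this type needs at least one server entry
            errs.append("sluna.server: no server configured")
        for i, srv in enumerate(servers):
            _require(srv, ("remote_ip", "server_cert"), f"sluna.server[{i}]", errs)
        if luna.get("is_ha", False) and len(servers) < 2:
            errs.append("sluna.is_ha: set, but fewer than two servers are listed")
    else:
        errs.append("type: must be HSM_TYPE_THALES_NETHSM or HSM_TYPE_SAFENET_LUNA")
    return errs

# Constructed sample (documentation-range addresses, placeholder ESN/keyhash values).
SAMPLE = {"type": "HSM_TYPE_THALES_NETHSM", "nethsm": [
    {"remote_ip": {"addr": "192.0.2.21", "type": "V4"}, "esn": "ESN-PLACEHOLDER-1",
     "keyhash": "KEYHASH-PLACEHOLDER", "priority": 1},
    {"remote_ip": {"addr": "192.0.2.300", "type": "V4"}, "esn": "ESN-PLACEHOLDER-2",
     "keyhash": "", "priority": 0}]}
```

`validate_hsm(SAMPLE)` reports the second device's empty `keyhash`, malformed address and out-of-range `priority`; the first device passes.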

References

Tenant

Sub Objects