Data Governance Server Documentation Index
Configuration Reference Home

PKCS11 Key Manager Provider

The PKCS11 Key Manager Provider enables the server to access the private key information through the PKCS11 interface.

This standard interface is used by cryptographic accelerators and hardware security modules.

Parent Component
Properties
dsconfig Usage

Parent Component

The PKCS11 Key Manager Provider component inherits from the Key Manager Provider

Properties

The properties supported by this managed object are as follows:


Basic Properties: Advanced Properties:
↓ description  None
↓ enabled
↓ key-store-pin
↓ key-store-pin-file

Basic Properties

description

Description
A description for this Key Manager Provider
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

enabled

Description
Indicates whether the Key Manager Provider is enabled for use.
Default Value
None
Allowed Values
true
false
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

key-store-pin

Description
Specifies the PIN needed to access the PKCS11 Key Manager Provider.
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Changes to this property will take effect the next time that the PKCS11 Key Manager Provider is accessed.

key-store-pin-file

Description
Specifies the path to the text file whose only contents should be a single line containing the clear-text PIN needed to access the PKCS11 Key Manager Provider.
Default Value
None
Allowed Values
A filesystem path
Multi-Valued
No
Required
No
Admin Action Required
None. Changes to this property will take effect the next time that the PKCS11 Key Manager Provider is accessed.


dsconfig Usage

To list the configured Key Manager Providers:

dsconfig list-key-manager-providers
     [--property {propertyName}] ...

To view the configuration for an existing Key Manager Provider:

dsconfig get-key-manager-provider-prop
     --provider-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing Key Manager Provider:

dsconfig set-key-manager-provider-prop
     --provider-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new PKCS11 Key Manager Provider:

dsconfig create-key-manager-provider
     --provider-name {name}
     --type pkcs11
     --set enabled:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing Key Manager Provider:

dsconfig delete-key-manager-provider
     --provider-name {name}