Ping Identity Data Governance Server - PKCS11 Key Manager Provider

Data Governance Server Documentation Index
Configuration Reference Home

PKCS11 Key Manager Provider

The PKCS11 Key Manager Provider enables the server to access the private key information through the PKCS11 interface.

This standard interface is used by cryptographic accelerators and hardware security modules.

↓Parent Component
↓Properties
↓dsconfig Usage

Parent Component

The PKCS11 Key Manager Provider component inherits from the Key Manager Provider

Properties

The properties supported by this managed object are as follows:

Basic Properties:	Advanced Properties:
↓ description	None
↓ enabled
↓ key-store-pin
↓ key-store-pin-file

Basic Properties

description

Description	A description for this Key Manager Provider
Default Value	None
Allowed Values	A string
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

enabled

Description	Indicates whether the Key Manager Provider is enabled for use.
Default Value	None
Allowed Values	true false
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

key-store-pin

Description	Specifies the PIN needed to access the PKCS11 Key Manager Provider.
Default Value	None
Allowed Values	A string
Multi-Valued	No
Required	No
Admin Action Required	None. Changes to this property will take effect the next time that the PKCS11 Key Manager Provider is accessed.

key-store-pin-file

Description	Specifies the path to the text file whose only contents should be a single line containing the clear-text PIN needed to access the PKCS11 Key Manager Provider.
Default Value	None
Allowed Values	A filesystem path
Multi-Valued	No
Required	No
Admin Action Required	None. Changes to this property will take effect the next time that the PKCS11 Key Manager Provider is accessed.

dsconfig Usage

To list the configured Key Manager Providers:

dsconfig list-key-manager-providers
     [--property {propertyName}] ...

To view the configuration for an existing Key Manager Provider:

dsconfig get-key-manager-provider-prop
     --provider-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing Key Manager Provider:

dsconfig set-key-manager-provider-prop
     --provider-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new PKCS11 Key Manager Provider:

dsconfig create-key-manager-provider
     --provider-name {name}
     --type pkcs11
     --set enabled:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing Key Manager Provider:

dsconfig delete-key-manager-provider
     --provider-name {name}