ckms binary is a command line interface (CLI) used to manage cryptographic objects inside the KMS.
Please download the latest version of the CLI for your Operating System from the Cosmian public packages repository
The CLI expects a configuration file to be located at
~ is your home folder.
The configuration file is created automatically when the CLI is used for the first time with the following values
The configuration file should be edited manually to reflect the actual configuration of the KMS.
kms_server_urlis MANDATORY and is the URL of the KMS server
kms_access_tokenis OPTIONAL and is the access token used to authenticate to the KMS server.
ssl_client_pkcs12_path: is OPTIONAL and is the path to the PKCS12 file containing the client certificate and private key to use when authenticating to a KMS server using a certificate.
ssl_client_pkcs12_password: is OPTIONAL and is the password to open the PKCS12 file when authenticating to the KMS server using a certificate.
kms_database_secretis OPTIONAL and is the base 64 encoded secret to use when connecting to a KMS using an encrypted database
accept_invalid_certsis OPTIONAL and should be set to “true” to allow the CLI to connect to a KMS using an “invalid” certificate, such as a self-signed SSL certificate. Useful to run tests with a self-signed certificate.
verified_certcontains the verified PEM TLS certificate used for certificate pinning
Here is an example configuration with TLS authentication and an encrypted database:
Many usage examples are provided with descriptions of the various KMIP 2.1 operations.
The KMS GUI offers a graphical tool to configure and use the KMS CLI binary.
Please download the latest version of the KMS GUI for your Operating System from the Cosmian public packages repository