Deploying in replicated mode
Replicated mode offers high availability through redundancy and load-balancing.
The KMS servers are stateless, so they can simply be scaled horizontally by connecting them to the same database and fronting them with a load balancer.
Selecting the database¶
The KMS server has support for PostgreSQL, Maria DB, MySQL databases, as well as Redis-with-Findex (see below).
- PostgreSQL, use
- MySQL or MariaDB, use
- Redis-with-Findex, use
Setting up a PostgreSQL database
Before running the server, a dedicated database with a dedicated user should be created on the PostgreSQL instance. These sample instructions create a database called
kms owned by a user
kms_user with password
Connect to psql under user
Using a certificate to authenticate to MySQL or Maria DB¶
Use a certificate to authenticate to MySQL or Maria DB with the
--mysql-user-cert-file option. Specify the certificate file name and mount the file to docker.
Say the certificate is called
cert.p12 and is in a directory called
/certificate on the host disk.
Redis with Findex¶
Redis-with-Findex makes the Cosmian KMS an excellent choice for a KMS in a zero-trust environment.
Redis with Findex offers the ability to use Redis as a database with application-level encryption: all data is encrypted by the KMS before being sent to Redis.
Findex is a Cosmian cryptographic algorithm used to build encrypted indexes on encrypted data. This allows the KMS to perform fast encrypted queries on encrypted data. Findex indexes are also stored in Redis.
Redis-with-Findex is most useful when the KMS is used inside a confidential VM or in an enclave. In this case, the secret used to encrypt the Redis data is protected by the VM or enclave and cannot be recovered at runtime by inspecting the machine memory.
As with the other databases, the Redis-with-Findex database mode is stateless and can be scaled horizontally.
redis-master-password is the password from which a key will be derived (using Argon 2) to encrypt the Redis data and indexes.
redis-findex-label is a public arbitrary label that can be changed to rotate the Findex ciphertexts without changing the password/key.