Skip to content

Quick start

To quick-start a Cosmian KMS server on http://localhost:9998 that stores its data inside the container, run the following command:

docker run -p 9998:9998 --name kms ghcr.io/cosmian/kms:latest

To run a KMS where the database will survive restarts, run:

docker run  -p 9998:9998 --name kms --volume cosmian-kms:/cosmian-kms  ghcr.io/cosmian/kms:latest

Please note that if you want to use the KMIP wire protocol, you need to configure TLS and the socket server using the server configuration file first.

If you do not have Docker available, install a Cosmian KMS server as described in installation guide:

Using the Web UI

Open your web browser and navigate to http://localhost:9998/ui to access the GUI.

Cosmian KMS UI
Figure 1: Cosmian KMS UI

Using the CLI

Get the Cosmian CLI from Cosmian packages. You can then easily manage the server:

  1. Create a 256-bit symmetric key

    cosmian kms sym keys create --number-of-bits 256 --algorithm aes --tag my-file-key

The symmetric key was successfully generated.
      Unique identifier: 87e9e2a8-4538-4701-aa8c-e3af94e44a9e

  2. Encrypt the image.png file with AES GCM using the key

    cosmian kms sym encrypt --tag my-file-key --output-file image.enc image.png

The encrypted file is available at "image.enc"

  3. Decrypt the image.enc file using the key

    cosmian kms sym decrypt --tag my-file-key --output-file image2.png image.enc

The decrypted file is available at "image2.png"

© Copyright 2018-2024 Cosmian. All rights reserved.