Registering a buckypaper plugin
Learn how to register a buckypaper plugin in a vHSM server.
The Buckypaper plugin is a secrets engine that provides a secure and efficient way to manage cryptographic keys within vHSM.
Prerequisites
Install Docker
Set the environment variable for ENCLAIVE_LICENCE
Download the vHSM docker image
Download the vHSM CLI
To register a buckypaper plugin in a Docker container running vHSM:
Get the SHA of the plugin using:
docker run --rm -it --entrypoint sha256sum harbor.enclaive.cloud/vhsm/vhsm:latest /vault/plugins/vault-plugin-secrets-buckypaper
Create a config.json file that provides the path for the plugins directory.
Start the vHSM server with the configuration parameters that you defined in the config.json file.
The output is similar to:
In a different terminal, set the environment variable as
export VAULT_ADDR='http://127.0.0.1:8200'
and log in using the root token for the vHSM server. To register the plugin, use the following command, replacing the SHA digest with the one that you noted after downloading the plugin binary.
The output is:
Verify that the plugin is listed in the vHSM server using the command:
vhsm plugin list
Enable the buckypaper secret engine using the command:
vhsm secrets enable buckypaper
Verify that it is listed under secrets, using the command:
vhsm secrets list
The output is:
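Added example, not part of the vHSM documentation: a shell check for the digest step of this procedure, which validates the sha256sum output and compares it with a pinned digest before the value is used to register the plugin. The function names, the PINNED_DIGEST variable and the sample digest are assumptions made for illustration; the docker command in the comment is the one from this page with -it dropped.

```shell
#!/bin/sh
# Added example: validate the plugin digest before using it to register.

# Read sha256sum-style output on stdin and print the bare lowercase digest.
# Fails unless the first field is exactly 64 hex characters.
extract_digest() {
    # A TTY (docker run -t) ends lines with CRLF; strip the CR first.
    line=$(tr -d '\r' | head -n 1)
    digest=${line%% *}
    case "$digest" in
        ''|*[!0-9a-fA-F]*) return 1 ;;
    esac
    [ "${#digest}" -eq 64 ] || return 1
    printf '%s\n' "$digest" | tr 'A-F' 'a-f'
}

# check_plugin_digest PINNED: compare the digest on stdin with a pinned value.
# Returns 0 on match, 1 on mismatch, 2 if either value is malformed.
check_plugin_digest() {
    actual=$(extract_digest) || return 2
    pinned=$(printf '%s\n' "$1" | extract_digest) || return 2
    [ "$actual" = "$pinned" ]
}

# Constructed sample: SHA-256 of the string "abc", standing in for the
# digest of the plugin binary. Not the real buckypaper digest.
SAMPLE_DIGEST=ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
SAMPLE_OUTPUT="$SAMPLE_DIGEST  /vault/plugins/vault-plugin-secrets-buckypaper"

# Real use (the page's command without -it, which is not needed in a pipe
# and makes docker emit CRLF line endings):
#   docker run --rm --entrypoint sha256sum \
#     harbor.enclaive.cloud/vhsm/vhsm:latest \
#     /vault/plugins/vault-plugin-secrets-buckypaper \
#     | check_plugin_digest "$PINNED_DIGEST"
if printf '%s\r\n' "$SAMPLE_OUTPUT" | check_plugin_digest "$SAMPLE_DIGEST"; then
    echo "digest matches pinned value"
else
    echo "digest mismatch or malformed: do not register" >&2
fi
```

Because the image is pulled by the :latest tag, the digest can change between pulls; recording the value once and comparing against it on later runs makes such a change visible before the plugin is registered.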