Configuration

When SKC is running interactively it does not require that the service is running to add/edit/delete keys, providers or users. SKC accesses the encrypted database directly. If SKC is also running as a service then it is reccomended that the service be restarted if chnages have been made to the database.

SKC runs as both a host service and also as a client. The previous topic showed how to run SKC as a service, to run it as a client run SKC with the following parameters. (If SKC is running on the default ports then just run it with no parameters) It is important to note that the client accesses the SKC database file directly for most configuration functions and therefore the client needs to be run on the same host as the service. The client must also be run in the same directory as the service or the -db parameter will need to be used to specify the location of the database file.

skc -p 8443 -mp 8080

Where -p is the port that you set the SKC service toi run on, and -mp is the management port.

If this is the first time then you will be prompted to enter a password of a minimum of 10 chracters. You will also need to enter a database key and cache size. The defaults are usually ok.

Before we can use SKC we need to configure at least one Key Management Solution (KMS) provider at a minimum. A provider provides a Key Encryption Key (KEK) to ensure that the Data Encryption Key (DEK) is encrypted appropriately.

As an example we will show how to configure SKC using an Amazon KMS provider.

First follow these instructions for creating an AWS KMS key within AWS.

[Configuring an AWS KMS provider](https://github.com/Senetas/SKC/wiki/Configuring-an-AWS-KMS-provider)

You will need to remember the following pieces of information:

1. The region you created the key in

2. The AWS Key

3. The AWS Secret

4. The Key ID

First select 3. Manage -> 3. Providers -> 2. Add -> 1. Add AWS KMS

Add an ID for your provider. This must be unique to this provider.

Add a description.

Select the region the key was created in. A list of regions and their names are:

US East (Ohio)                    us-east-2
US East (N. Virginia)             us-east-1
US West (N. California)           us-west-1
US West (Oregon)                  us-west-2
Africa (Cape Town)                af-south-1
Asia Pacific (Hong Kong)          ap-east-1
Asia Pacific (Mumbai)             ap-south-1
Asia Pacific (Osaka-Local)        ap-northeast-3
Asia Pacific (Seoul)              ap-northeast-2
Asia Pacific (Singapore)          ap-southeast-1
Asia Pacific (Sydney)             ap-southeast-2
Asia Pacific (Tokyo)              ap-northeast-1
Canada (Central)                  ca-central-1
China (Beijing)                   cn-north-1
China (Ningxia)                   cn-northwest-1
Europe (Frankfurt)                eu-central-1
Europe (Ireland)                  eu-west-1
Europe (London)                   eu-west-2
Europe (Milan)                    eu-south-1
Europe (Paris)                    eu-west-3
Europe (Stockholm)                eu-north-1
Middle East (Bahrain)             me-south-1
South America (São Paulo)         sa-east-1

Enter the AWS Account Key

Enter the AWS Account secret

Enter the priority of this provider.

Enter the default KMS Key ID. This is the key that is used by default for all encrypt requests to this provider unless a specific key name is provided for the encrypt operation.

Multiple key alias mappings can be done to map a key alias to a key ID, however, only one is required.

Optional arbitrary Tags may be entered as extra metadata at this point.

If all of these details are correct select 1. True.

SKC is now configured with the minimum of 1 provider!