IBM Key Protect

From OSNEXUS Online Documentation Site
Jump to: navigation, search


DEPRECATED: Note that QuantaStor's support for IBM Key Protect has been replaced with general support for all KMIP 1.x, 2.x and 3.x compliant KMIP servers from IBM and other vendors.


IBM Key Protect for IBM Cloud helps you provision encrypted keys for apps across IBM Cloud services. Key Protect is a cloud-based security service that provides life cycle management for encryption keys that are used in IBM Cloud services or customer-built applications. Key Protect provides roots of trust (RoT), backed by a hardware security module (HSM). As you manage the lifecycle of your keys, you can benefit from knowing that your keys are secured by FIPS 140-2 Level 3 certified cloud-based hardware security modules (HSMs) that protect against the theft of information. IBM Key Protect is integrated into QuantaStor 5.4 for storage pool encryption.

How to Create an Encrypted Storage Pool with IBM Key Protect

Before encrypting storage pools in QuantaStor with Key Protect, you must provision keys from the IBM Key Protect dashboard. After the keys have been provisioned from the Key Protect Dashboard, copy and save the service_api_key and keyvault_instance_id for use in QuantaStor.

Next, under the Storage Management tab, click Register Key Vault using your Key Protect credentials and enter your service_api_key and keyvault_instance_id:

Register IBM Key Protect Credentials

Create a storage pool and select the Raid type and disks, then click Next.

Create Storage Pool

Under the Encryption tab, click Enable Encryption and select Encryption with Key Vault Profile Keys. Click on the Refresh button.

Encryption with Key Vault Profile Keys

Select any of the Root Keys and Click OK.

Select Root Keys

You will now see your Storage Pool secured with IBM Key Protect.

Pool Secured with IBM Key Protect