IBM Key Protect
IBM Key Protect for IBM Cloud helps you provision encrypted keys for apps across IBM Cloud services. Key Protect is a cloud-based security service that provides life cycle management for encryption keys that are used in IBM Cloud services or customer-built applications. Key Protect provides roots of trust (RoT), backed by a hardware security module (HSM). As you manage the lifecycle of your keys, you can benefit from knowing that your keys are secured by FIPS 140-2 Level 3 certified cloud-based hardware security modules (HSMs) that protect against the theft of information. IBM Key Protect is integrated into QuantaStor 5.4 for storage pool encryption.
How to Create an Encrypted Storage Pool with IBM Key Protect
Before encrypting storage pools in QuantaStor with Key Protect, you must provision keys from the IBM Key Protect dashboard. After the keys have been provisioned from the Key Protect Dashboard, copy and save the service_api_key and keyvault_instance_id for use in QuantaStor.
Next, under the Storage Management tab, click Register Key Vault using your Key Protect credentials and enter your service_api_key and keyvault_instance_id:
Create a storage pool and select the Raid type and disks, then click Next.
Under the Encryption tab, click Enable Encryption and select Encryption with Key Vault Profile Keys. Click on the Refresh button.
Select any of the Root Keys and Click OK.
You will now see your Storage Pool secured with IBM Key Protect.