KMIP Vault Overview
You manage your KMIP configuration using the Cryptographic Security Platform Vault for KMIP.
KMIP (Key Management Interoperability Protocol) enables the secure creation and storage of keys and other security objects on a key management server. Cryptographic Security Platform Vault includes a fully functional KMIP server that you can use to serve requests from external KMIP clients. The KMIP server is required if you want to use Cryptographic Security Platform Vault with servers encrypted by vSphere.
You can use KMIP with multiple vaults. This allows security administrators to isolate different KMIP environments for security and compliance.
- Each KMIP vault has its own KMIP objects, client certificates, access policies, audit logs, Local User Accounts, Active Directory settings, and HSM root key label for KEK wrapping.
- Each KMIP vault has access to its own Cryptographic Security Platform Vault for KMIP webGUI. Cryptographic Security Platform Vault-managed user accounts and Cryptographic Security Platform Vault Security Administrators do not have access to the Cryptographic Security Platform Vault for KMIP webGUI.
- The KMIP vault supports Local User Authentication and Managed Authentication. If you create the vault with Local User Authentication, the usernames and passwords of all users are stored in Cryptographic Security Platform Vault, and the users can be managed in the Cryptographic Security Platform Vault for KMIP webGUI. With Managed Authentication, an external authentication service such as Active Directory, OpenLDAP, or OIDC can be used.
Note: The Cryptographic Security Platform Vault for KMIP webGUI has an automatic timeout value of 15 minutes.
