KMIP Vault Overview
You manage your KMIP configuration using the KeyControl KMIP Vault.
KMIP (Key Management Interoperability Protocol) enables the secure creation and storage of keys and other security objects on a key management server. KeyControl Vault includes a fully functional KMIP server that you can use to serve requests from external KMIP clients. The KMIP server is required if you want to use KeyControl Vault with servers encrypted by vSphere.
You can use KMIP with multiple vaults. This allows security administrators to isolate different KMIP environments for security and compliance.
- Each KMIP vault has its own KMIP objects, client certificates, access policies, audit logs, Local User Accounts, Active Directory settings, and HSM root key label for KEK wrapping.
- Each KMIP vault has access to its own KeyControl KMIP Vault webGUI. KeyControl Vault-managed user accounts and KeyControl Vault Security Administrators do not have access to the KeyControl KMIP Vault webGUI.
- The KMIP vault supports Local User Authentication and Managed Authentication. If you create the vault with Local User Authentication, the usernames and passwords of all users are stored in KeyControl Vault, and the users can be managed in the KeyControl KMIP Vault webGUI. With Managed Authentication, an external authentication service such as Active Directory, OpenLDAP, or OIDC can be used.
Note: The KeyControl KMIP Vault webGUI has an automatic timeout value of 15 minutes.