Release Package

The release package is provided in .tar.gz format and has the following contents.

OpenAPI specifications

The API specification documents for the RESTful web services follow v3.0 of the OpenAPI specification.

  • api/agent-mgmt.yml defines the Agent Management API

  • api/codesafe-mgmt.yml defines the CodeSafe Management API

  • api/hsm-mgmt.yml defines the HSM Management API

  • api/licence-mgmt.yml defines the Licence Management API

  • api/monitoring-mgmt.yml defines the Monitoring Management API

  • api/sw-mgmt.yml defines the Security World Management API

KeySafe 5 Service Deployment

KeySafe 5 can be installed as a background service on a Unix or a Windows machine using the provided installers. See KeySafe 5 Service Deployment for details on configuring and installing the Service deployment.

  • keysafe5-service/keysafe5-server-1.7.0-Linux.tar.gz is the Linux KeySafe 5 Service installer.

  • keysafe5-service/keysafe5-server-1.7.0-windows.msi is the Windows KeySafe 5 Service installer.

KeySafe 5 Kubernetes Deployment

KeySafe 5 can be installed to a Kubernetes cluster using the provided Helm Charts. See KeySafe 5 Kubernetes Deployment for details on configuring and installing the Kubernetes deployment.

Helm charts

The KeySafe 5 Kubernetes-based deployment consists of the following Helm charts:

  • keysafe5-k8s/helm-charts/nshield-keysafe5-backend-1.7.0.tgz

    This installs the KeySafe 5 API services.

  • keysafe5-k8s/helm-charts/nshield-keysafe5-prometheus-1.7.0.tgz

    This installs Prometheus services.

  • keysafe5-k8s/helm-charts/nshield-keysafe5-alertmanager-1.7.0.tgz

    This installs Prometheus Alertmanager services.

  • keysafe5-k8s/helm-charts/nshield-keysafe5-ui-1.7.0.tgz

    This installs the graphical user interface for KeySafe 5.

  • keysafe5-k8s/helm-charts/nshield-keysafe5-istio-1.7.0.tgz

    This configures an existing Istio Ingress Gateway to allow external access (routing and authentication) to the services deployed by the previous two KeySafe 5 Helm charts.

This organisation enables you to deploy the backend services only, if you do not need the UI, or the UI only, if you want to point it at some existing backend services already running elsewhere.

You can also use a different Kubernetes Ingress other than Istio if desired.

For more information on configuring and installing the Helm chart, see Hardening The Deployment .

Docker images

The Docker images are provided as tar archives. You can load them into a local Docker image registry using the docker load command, then push to a private container registry.

For example:

docker load < keysafe5-k8s/docker-images/hsm-mgmt.tar
Loaded image: hsm-mgmt:1.7.0
docker tag hsm-mgmt:1.7.0 private.registry.local/keysafe5/hsm-mgmt:1.7.0
docker login private.registry.local
docker push private.registry.local/keysafe5/hsm-mgmt:1.7.0

The Docker images provided are:

  • keysafe5-k8s/docker-images/agent-mgmt.tar is the KeySafe 5 Agent Management service

  • keysafe5-k8s/docker-images/alertmanager.tar is the Prometheus Alertmanager service

  • keysafe5-k8s/docker-images/alert-manager-sidecar.tar is the Alertmanager sidecar

  • keysafe5-k8s/docker-images/codesafe-mgmt.tar is the KeySafe 5 CodeSafe Management service

  • keysafe5-k8s/docker-images/hsm-mgmt.tar is the KeySafe 5 HSM Management service

  • keysafe5-k8s/docker-images/licence-mgmt.tar is the Licence Management service

  • keysafe5-k8s/docker-images/monitoring-mgmt.tar is the Monitoring Management service

  • keysafe5-k8s/docker-images/prometheus.tar is the Prometheus service

  • keysafe5-k8s/docker-images/sw-mgmt.tar is the KeySafe 5 Security World Management service

  • keysafe5-k8s/docker-images/ui.tar is the KeySafe 5 user interface

These Docker images are intended to be deployed via the provided Helm charts. See the Helm chart configuration for details of how to configure and run each image.

KeySafe 5 agent installers

You can use the Linux and Windows KeySafe 5 agent installers provided to install the KeySafe 5 agent on nShield client machines. See Installation for details on configuring and installing the agent.

  • keysafe5-agent/keysafe5-1.7.0-Linux-keysafe5-agent.tar.gz is the Linux KeySafe 5 Agent installer.

  • keysafe5-agent/keysafe5-agent.msi is the Windows KeySafe 5 Agent installer.