Uninstall

Central platform

To fully remove the KeySafe 5 application from your Kubernetes cluster, use helm uninstall. This uninstalls all KeySafe 5 Helm charts.

You can use helm list to see which charts are installed. If you do not know the namespace, use --all-namespaces to show charts from all namespaces.

$ helm list -n nshieldkeysafe5 --short
keysafe5-alertmanager
keysafe5-backend
keysafe5-istio
keysafe5-prometheus
keysafe5-ui
mongo-chart

And to delete them:

helm uninstall keysafe5-alertmanager --namespace=nshieldkeysafe5
helm uninstall keysafe5-backend --namespace=nshieldkeysafe5
helm uninstall keysafe5-istio --namespace=nshieldkeysafe5
helm uninstall keysafe5-prometheus --namespace=nshieldkeysafe5
helm uninstall keysafe5-ui --namespace=nshieldkeysafe5
helm uninstall mongo-chart --namespace=mongons

KeySafe 5 application data remains in your MongoDB database after uninstalling the application. To clear this data from the database, remove the databases that were defined by agent_mgmt.dbName, codesafe_mgmt.dbName, hsm_mgmt.dbName, licence_mgmt.dbName`, monitoring_mgmt.dbName and sw_mgmt.dbName in the helm-keysafe5-backend chart.

Secrets

You can use kubectl get secrets to see the secrets.

kubectl get secrets --namespace=nshieldkeysafe5

And delete them:

kubectl --namespace=nshieldkeysafe5 delete secrets agentcomms-server-certificates
kubectl --namespace=nshieldkeysafe5 delete secret agentcomms-client-certificates
kubectl --namespace=nshieldkeysafe5 delete secret mongodb-demo-client-certificates

Volumes

You can use kubectl get pvc to see the persistent volumes.

kubectl get pvc --namespace=nshieldkeysafe5

And delete them

kubectl --namespace=nshieldkeysafe5 delete pvc prometheus-data-keysafe5
kubectl --namespace=nshieldkeysafe5 delete pvc data-nshield-keysafe5

KeySafe 5 agent

Before uninstalling the nShield KeySafe 5 agent, Entrust recommends that you back up any configuration files and certificates from the installation.

Linux

To remove the KeySafe 5 agent from a Linux host run the KeySafe 5 uninstaller:

sudo /opt/nfast/keysafe5/sbin/install -u

Then proceed to remove the following files and directories:

  • /opt/nfast/keysafe5/bin/ks5agenttls

  • /opt/nfast/keysafe5/conf/config.yaml.example

  • /opt/nfast/keysafe5/sbin/install

  • /opt/nfast/lib/versions/keysafe5-agent-atv.txt

  • /opt/nfast/sbin/keysafe5-agent

  • /opt/nfast/scripts/install.d/12keysafe5-agent

  • /opt/nfast/log/keysafe5-agent.log

The current configuration, stored in /opt/nfast/keysafe5/conf, may also be removed.

The agent log file will be located in a different location if you have changed the default value of logging.file.path in the agent configuration file.

If required, you can also remove the keysafe5d user that was created as part of the installation.

Windows

To remove the KeySafe 5 agent from a Windows host:

  1. Stop the KeySafe 5 agent service using Windows Service Manager.

  2. Open the Control Panel and select Programs and Features.

  3. Select the nShield KeySafe 5 Agent package.

  4. Select Uninstall and follow the on-screen instructions.

To remove any configuration files, delete the %NFAST_DATA_HOME%\keysafe5 directory and remove the log file located at C:\ProgramData\nCipher\Log Files\KeySafe5-agent.log

The agent log file will be located in a different location if you have changed the default value of logging.file.path in the agent configuration file.