Release Package
The release package is provided in .tar.gz
format and has the following contents
OpenAPI specifications
The API specification documents for the RESTful web services follow v3 of the OpenAPI specification.
-
api/hsm-mgmt.yml
defines the HSM Management API -
api/sw-mgmt.yml
defines the Security World Management API
Helm charts
The KeySafe 5 Kubernetes-based deployment consists of 3 Helm charts:
-
helm-charts/nshield-keysafe5-backend-1.0.0.tgz
This installs the backend API services (HSM Management and Security World Management).
-
helm-charts/nshield-keysafe5-ui-1.0.0.tgz
This installs the graphical user interface for KeySafe 5.
-
helm-charts/nshield-keysafe5-istio-1.0.0.tgz
This configures an existing Istio Ingress Gateway to allow external access (routing and authentication) to the services deployed by the other two Helm charts.
This split enables you to deploy the backend services only, if you do not need the UI, or the UI only, if you want to point it at some existing backend services already running elsewhere.
You can also use a different Kubernetes Ingress other than Istio if desired.
For more information on configuring and installing the Helm chart, see Helm Chart Installation.
Docker images
The Docker images are provided as tar archives.
You can load them into a local Docker image registry using the docker load
command, then push to a private container registry
For example:
$ docker load < docker-images/hsm-mgmt.tar
Loaded image: hsm-mgmt:1.0.0
$ docker tag hsm-mgmt:1.0.0 private.registry.local/keysafe5/hsm-mgmt:1.0.0
$ docker login private.registry.local
$ docker push private.registry.local/keysafe5/hsm-mgmt:1.0.0
The Docker images provided are:
-
docker-images/hsm-mgmt.tar
is the HSM Management service -
docker-images/sw-mgmt.tar
is the Security World Management service -
docker-images/ui.tar
is the KeySafe 5 user interface
These Docker images are intended to be deployed via the provided Helm charts. See the Helm chart configuration for details of how to configure and run each image.
KeySafe 5 agent installers
You can use the Linux and Windows installers provided to install the KeySafe 5 agent on nShield client machines. See KeySafe 5 Agent Installation for details on configuring and installing the agent.