Release Package

The release package is provided in .tar.gz format and has the following contents

OpenAPI specifications

The API specification documents for the RESTful web services follow v3 of the OpenAPI specification.

  • api/hsm-mgmt.yml defines the HSM Management API

  • api/sw-mgmt.yml defines the Security World Management API

Helm charts

The KeySafe 5 Kubernetes-based deployment consists of 3 Helm charts:

  • helm-charts/nshield-keysafe5-backend-1.0.0.tgz

    This installs the backend API services (HSM Management and Security World Management).

  • helm-charts/nshield-keysafe5-ui-1.0.0.tgz

    This installs the graphical user interface for KeySafe 5.

  • helm-charts/nshield-keysafe5-istio-1.0.0.tgz

    This configures an existing Istio Ingress Gateway to allow external access (routing and authentication) to the services deployed by the other two Helm charts.

This split enables you to deploy the backend services only, if you do not need the UI, or the UI only, if you want to point it at some existing backend services already running elsewhere.

You can also use a different Kubernetes Ingress other than Istio if desired.

For more information on configuring and installing the Helm chart, see Helm Chart Installation.

Docker images

The Docker images are provided as tar archives. You can load them into a local Docker image registry using the docker load command, then push to a private container registry

For example:

$ docker load < docker-images/hsm-mgmt.tar
Loaded image: hsm-mgmt:1.0.0
$ docker tag hsm-mgmt:1.0.0 private.registry.local/keysafe5/hsm-mgmt:1.0.0
$ docker login private.registry.local
$ docker push private.registry.local/keysafe5/hsm-mgmt:1.0.0

The Docker images provided are:

  • docker-images/hsm-mgmt.tar is the HSM Management service

  • docker-images/sw-mgmt.tar is the Security World Management service

  • docker-images/ui.tar is the KeySafe 5 user interface

These Docker images are intended to be deployed via the provided Helm charts. See the Helm chart configuration for details of how to configure and run each image.

KeySafe 5 agent installers

You can use the Linux and Windows installers provided to install the KeySafe 5 agent on nShield client machines. See KeySafe 5 Agent Installation for details on configuring and installing the agent.