Release Package

The release package is provided in .tar.gz format and has the following contents.

OpenAPI specifications

The API specification documents for the RESTful web services follow v3.0 of the OpenAPI specification.

  • api/agent-mgmt.yml defines the Agent Management API

  • api/codesafe-mgmt.yml defines the CodeSafe Management API

  • api/hsm-mgmt.yml defines the HSM Management API

  • api/sw-mgmt.yml defines the Security World Management API

KeySafe 5 Service Deployment

KeySafe 5 can be installed as a background service on a Unix or a Windows machine using the provided installers. See KeySafe 5 Service Deployment for details on configuring and installing the Service deployment.

  • keysafe5-service/keysafe5-server-1.5.0-Linux.tar.gz is the Linux KeySafe 5 Service installer.

  • keysafe5-service/keysafe5-server-1.5.0-windows.msi is the Windows KeySafe 5 Service installer.

KeySafe 5 Kubernetes Deployment

KeySafe 5 can be installed to a Kubernetes cluster using the provided Helm Charts. See KeySafe 5 Kubernetes Deployment for details on configuring and installing the Kubernetes deployment.

Helm charts

The KeySafe 5 Kubernetes-based deployment consists of the following Helm charts:

  • keysafe5-k8s/helm-charts/nshield-keysafe5-backend-1.5.0.tgz

    This installs the backend API services (Agent Management, CodeSafe Management, HSM Management and Security World Management).

  • keysafe5-k8s/helm-charts/nshield-keysafe5-ui-1.5.0.tgz

    This installs the graphical user interface for KeySafe 5.

  • keysafe5-k8s/helm-charts/nshield-keysafe5-istio-1.5.0.tgz

    This configures an existing Istio Ingress Gateway to allow external access (routing and authentication) to the services deployed by the previous two KeySafe 5 Helm charts.

  • keysafe5-k8s/helm-charts/bitnami-mongodb-17.0.0.tgz

    This installs Bitnami packaged MongoDB database server for use by the KeySafe 5 backend services.

This organisation enables you to deploy the backend services only, if you do not need the UI, or the UI only, if you want to point it at some existing backend services already running elsewhere.

You can also use a different Kubernetes Ingress other than Istio if desired.

For more information on configuring and installing the Helm chart, see Hardening The Deployment .

Docker images

The Docker images are provided as tar archives. You can load them into a local Docker image registry using the docker load command, then push to a private container registry.

For example:

docker load < keysafe5-k8s/docker-images/hsm-mgmt.tar
Loaded image: hsm-mgmt:1.5.0
docker tag hsm-mgmt:1.5.0 private.registry.local/keysafe5/hsm-mgmt:1.5.0
docker login private.registry.local
docker push private.registry.local/keysafe5/hsm-mgmt:1.5.0

The Docker images provided are:

  • keysafe5-k8s/docker-images/agent-mgmt.tar is the KeySafe 5 Agent Management service

  • keysafe5-k8s/docker-images/codesafe-mgmt.tar is the KeySafe 5 CodeSafe Management service

  • keysafe5-k8s/docker-images/hsm-mgmt.tar is the KeySafe 5 HSM Management service

  • keysafe5-k8s/docker-images/sw-mgmt.tar is the KeySafe 5 Security World Management service

  • keysafe5-k8s/docker-images/ui.tar is the KeySafe 5 user interface

  • keysafe5-k8s/docker-images/mongodb.tar is the Bitnami packaged MongoDB database server container

  • keysafe5-k8s/docker-images/nginx.tar is the Bitnami packaged NGINX container (used as an init container during Bitnami mongodb Helm Chart install)

These Docker images are intended to be deployed via the provided Helm charts. See the Helm chart configuration for details of how to configure and run each image.

KeySafe 5 agent installers

You can use the Linux and Windows KeySafe 5 agent installers provided to install the KeySafe 5 agent on nShield client machines. See Installation for details on configuring and installing the agent.

  • keysafe5-agent/keysafe5-1.5.0-Linux-keysafe5-agent.tar.gz is the Linux KeySafe 5 Agent installer.

  • keysafe5-agent/keysafe5-agent.msi is the Windows KeySafe 5 Agent installer.