Wallet Properties
This section lists and describes the wallet properties that define the Hub System Encryption Wallet configuration. In the Command Line Interface (CLI), the wallet properties can be set using the command hvrwalletconfig.
An array property and map property can store multiple values. The syntax for updating them from the Command Line Interface (CLI) varies.
Auto_Open
Argument: true
Description: If set to true, enables the auto-open hub wallet feature.
For more information, see section Methods for Supplying Wallet Password.
Encryption_Key_Created
Argument: timestamp
Description: Encryption key creation date and time.
This property is automatically defined by HVR and cannot be manually configured by a user.
Encryption_Key_Encrypted
KMS Wallet
Description: Encryption key encrypted using KMS.
This property is automatically defined by HVR and cannot be manually configured by a user.
Encryption_Key_History
Description: Historical record of old encryption keys (encrypted with the latest encryption key) in case they are needed for decrypting data encrypted with the old encryption keys. In particular, the record stores data about all previous encryption keys: their sequence numbers, timestamps of when they were created and archived, and the actual key values.
For more information, see section History on page Hub System Encryption Wallet.
This is a map property that can store multiple values.
This property is automatically defined by HVR and cannot be manually configured by a user.
Encryption_Key_PKCS12
Description: Encryption key stored in a base64-encoded PKCS12 file encrypted using the software wallet password.
This property is automatically defined by HVR and cannot be manually configured by a user.
Encryption_Key_Sequence
Description: Unique sequence number of the encryption key. Every encryption key has a unique sequence number. At the same time, each encrypted secret contains its hub encryption key’s sequence number. This sequence number is used to find the correct encryption key for the encrypted secret.
This property is automatically defined by HVR and cannot be manually configured by a user.
Encryption_Password_Filename
Description: Name of a file in HVR_CONFIG/wallet containing the auto-open password.
This property is automatically defined by HVR and cannot be manually configured by a user.
KMS_Access_Key_Id
KMS Wallet
Argument: keyid
Description: KMS access key ID of the AWS user to access KMS. The corresponding AWS Secret Access Key should be used as the password of the HVR Hub wallet.
For example: KMS_Access_Key_Id=AKIAJDRSJY123QWERTY
This property cannot be used with KMS_IAM_Role.
KMS_Customer_Master_Key_Id
KMS Wallet
Argument: keyid
Description: Customer Master Key (CMK) ID that uniquely identifies the CMK within your KMS region. The CMK is used for encryption and decryption of the hub encryption key. For more information, refer to the AWS Documentation.
For example: KMS_Customer_Master_Key_Id=1234abcd-12ab-1234590ab
KMS_IAM_Role
KMS Wallet
Argument: role
Description: KMS IAM role. This defines how to retrieve Access Key ID/Secret Access Key from an EC2 node.
Using an IAM role does not require a wallet password. HVR fetches AWS credentials from the EC2 instance HVR Hub is running on.
This property cannot be used with KMS_Access_Key_Id.
KMS_Region
KMS Wallet
Argument: region
Description: KMS region where the KMS server is located.
For example: KMS_Region=eu-west-1
Type
Argument: type
Description: Type of the hub encryption wallet.
Valid values for type are (case-sensitive):
- DISABLED: the encryption wallet is disabled.
- SOFTWARE: the encryption wallet is a file that stores the encryption key.
- KMS: the encryption wallet is a network service (KMS) that encrypts the encryption key.
For a detailed description of the wallet types, see section Hub Wallet Types on page Hub System Encryption Wallet.
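The constraints listed on this page (case-sensitive Type values, properties that only HVR may define, and the KMS_Access_Key_Id / KMS_IAM_Role exclusion) can be checked before a change is applied. The following is an added example, not HVR code: the function name lint_wallet_properties, the dictionary input format, and the reading of the "KMS Wallet" label as "only applies when Type=KMS" are assumptions, and it does not call hvrwalletconfig.

```python
# Added illustration, not HVR code: lints a proposed set of wallet properties
# against the rules stated on this page. Function name and dict input are hypothetical.

VALID_TYPES = {"DISABLED", "SOFTWARE", "KMS"}  # case-sensitive per the page

# Properties the page says are defined by HVR and cannot be set by a user.
READ_ONLY = {
    "Encryption_Key_Created", "Encryption_Key_Encrypted",
    "Encryption_Key_History", "Encryption_Key_PKCS12",
    "Encryption_Key_Sequence", "Encryption_Password_Filename",
}

# User-settable properties the page labels "KMS Wallet"
# (assumed here to mean they apply only when Type=KMS).
KMS_ONLY = {
    "KMS_Access_Key_Id", "KMS_Customer_Master_Key_Id",
    "KMS_IAM_Role", "KMS_Region",
}


def lint_wallet_properties(props):
    """Return a list of findings; an empty list means no rule was broken."""
    findings = []
    wallet_type = props.get("Type")
    if wallet_type is not None and wallet_type not in VALID_TYPES:
        wrong_case = str(wallet_type).upper() in VALID_TYPES
        hint = " (values are case-sensitive)" if wrong_case else ""
        findings.append(f"Type={wallet_type!r} is not a valid value{hint}")
    for name in sorted(props.keys() & READ_ONLY):
        findings.append(f"{name} is defined by HVR and cannot be set manually")
    if "KMS_Access_Key_Id" in props and "KMS_IAM_Role" in props:
        findings.append("KMS_Access_Key_Id cannot be used with KMS_IAM_Role")
    if wallet_type in VALID_TYPES and wallet_type != "KMS":
        for name in sorted(props.keys() & KMS_ONLY):
            findings.append(f"{name} applies to KMS wallets, but Type={wallet_type}")
    return findings


if __name__ == "__main__":
    # Constructed sample input; the key ID and region are this page's examples.
    proposed = {
        "Type": "kms",
        "KMS_Region": "eu-west-1",
        "KMS_Access_Key_Id": "AKIAJDRSJY123QWERTY",
        "KMS_IAM_Role": "example-role",   # constructed placeholder
        "Encryption_Key_Sequence": "3",   # constructed placeholder
    }
    for finding in lint_wallet_properties(proposed):
        print("FINDING:", finding)
```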