Dinamo key stores - Amplia
Note: Dinamo key stores are compatible with all supported platforms.
To store keys on a Dinamo HSM, use the following settings:
- Type: Dinamo
- Address: IP address or hostname of the HSM
- User and Password: credentials for an Operator or regular user (see below)
If you intend to use the HSM for storing CA keys, the credentials can be either for an Operator or a regular user.
If you intend to use the HSM for storing PIN-protected keys, typically combined with Lacuna's PSC module, the credentials must be for an Operator user.
Sample configuration (.ini or .conf file):
[KeyStores:MyDinamoHsm]
Type=Dinamo
Address=10.1.2.3
User=SOME_USER
Password=SOME_PASSWORD
Sample configuration (environment variables):
KeyStores__MyDinamoHsm__Type=Dinamo
KeyStores__MyDinamoHsm__Address=10.1.2.3
KeyStores__MyDinamoHsm__User=SOME_USER
KeyStores__MyDinamoHsm__Password=SOME_PASSWORD
Sample configuration (.json file):
"KeyStores": {
    "MyDinamoHsm": {
        "Type": "Dinamo",
        "Address": "10.1.2.3",
        "User": "SOME_USER",
        "Password": "SOME_PASSWORD"
    }
}
If you intend to use the HSM combined with Lacuna's PSC module, you must also set the environment variable HSM_DISABLE_SESSION_CACHE to 1. This cannot be done in the Amplia configuration file; it must be an environment variable. On Linux, this means adding the following to the /etc/systemd/system/amplia.service file:
[Service]
...
Environment=HSM_DISABLE_SESSION_CACHE=1
If the HSM is in operation modes RM1 or RM2, you must also set the environment variable HSM_DISABLE_LEGACY_OPERATIONS to 1. This cannot be done in the Amplia configuration file; it must be an environment variable. On Linux, this means adding the following to the /etc/systemd/system/amplia.service file:
[Service]
...
Environment=HSM_DISABLE_LEGACY_OPERATIONS=1
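A way to confirm that a unit file really carries the two settings above, as an added example that is not part of the Amplia documentation. The helper names `unit_env_is` and `missing_hsm_env` and the sample unit are assumptions made for illustration; the check only counts `Environment=` lines inside `[Service]` and follows systemd's rules that a later assignment overrides an earlier one and an empty assignment resets the list.

```shell
#!/bin/sh
# Added example: section-aware check of a systemd unit file for the HSM
# environment variables this page requires. Helper names are hypothetical.

# unit_env_is FILE NAME VALUE
# Succeeds when the [Service] section of FILE ends up with NAME set to VALUE.
unit_env_is() {
    awk -v name="$2" -v value="$3" '
        /^[ \t]*\[/ { in_service = ($0 ~ /^[ \t]*\[Service\][ \t]*$/); next }
        in_service && /^[ \t]*Environment[ \t]*=/ {
            line = $0
            sub(/^[ \t]*Environment[ \t]*=[ \t]*/, "", line)
            # systemd: an empty assignment resets all earlier Environment= entries
            if (line == "") { split("", vals); next }
            n = split(line, parts, /[ \t]+/)
            for (i = 1; i <= n; i++) {
                p = parts[i]
                gsub(/^"|"$/, "", p)            # strip optional double quotes
                eq = index(p, "=")
                # a later assignment of the same variable overrides an earlier one
                if (eq > 1) vals[substr(p, 1, eq - 1)] = substr(p, eq + 1)
            }
        }
        END { ok = ((name in vals) && vals[name] == value); exit (ok ? 0 : 1) }
    ' "$1"
}

# missing_hsm_env FILE NAME...
# Prints each NAME that is not set to 1 in FILE; always returns 0.
missing_hsm_env() {
    unit=$1; shift
    for var in "$@"; do
        unit_env_is "$unit" "$var" 1 || echo "$var"
    done
    return 0
}

# Constructed sample unit (not the real amplia.service) for a stand-alone run.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Unit]
Description=Constructed sample
[Service]
Environment=HSM_DISABLE_SESSION_CACHE=1
EOF
# Prints HSM_DISABLE_LEGACY_OPERATIONS, the one variable the sample lacks.
missing_hsm_env "$sample" HSM_DISABLE_SESSION_CACHE HSM_DISABLE_LEGACY_OPERATIONS
```

The check reads a single unit file and does not merge drop-in overrides, so `systemctl show amplia -p Environment` on the host remains the authoritative view of what the service receives.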