
Dinamo key stores - Amplia

Note

Dinamo key stores are compatible with all supported platforms.

To store keys on a Dinamo HSM, use the following settings:

  • Type: Dinamo
  • Address: IP address or hostname of the HSM
  • User and Password: credentials for an Operator or regular user (see below)

If you intend to use the HSM for storing CA keys, the credentials can be either for an Operator or a regular user.

If you intend to use the HSM for storing PIN-protected keys, typically combined with Lacuna's PSC module, the credentials must be for an Operator user.

Sample configuration (.ini or .conf file):

[KeyStores:MyDinamoHsm]
Type=Dinamo
Address=10.1.2.3
User=SOME_USER
Password=SOME_PASSWORD

Sample configuration (environment variables):

KeyStores__MyDinamoHsm__Type=Dinamo
KeyStores__MyDinamoHsm__Address=10.1.2.3
KeyStores__MyDinamoHsm__User=SOME_USER
KeyStores__MyDinamoHsm__Password=SOME_PASSWORD

Sample configuration (.json file):

"KeyStores": {
  "MyDinamoHsm": {
    "Type": "Dinamo",
    "Address": "10.1.2.3",
    "User": "SOME_USER",
    "Password": "SOME_PASSWORD"
  }
}

If you intend to use the HSM combined with Lacuna's PSC module, you must also set the environment variable HSM_DISABLE_SESSION_CACHE to 1. This cannot be done in the Amplia configuration file; it must be an environment variable. On Linux, this means adding the following to the /etc/systemd/system/amplia.service file:

[Service]
...
Environment=HSM_DISABLE_SESSION_CACHE=1

If the HSM is in operation mode RM1 or RM2, you must also set the environment variable HSM_DISABLE_LEGACY_OPERATIONS to 1. This cannot be done in the Amplia configuration file; it must be an environment variable. On Linux, this means adding the following to the /etc/systemd/system/amplia.service file:

[Service]
...
Environment=HSM_DISABLE_LEGACY_OPERATIONS=1
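
One way to confirm that a unit file carries the two variables described above, as an added example that is not part of the Amplia documentation or Lacuna's code. The function names, the `psc` and `rm1_rm2` parameters and the sample unit text are assumptions made for illustration; the sample is constructed.

```python
import shlex

# Variables the page requires, keyed by the deployment condition that triggers them.
REQUIRED = {
    "psc": "HSM_DISABLE_SESSION_CACHE",          # HSM combined with Lacuna's PSC module
    "rm1_rm2": "HSM_DISABLE_LEGACY_OPERATIONS",  # HSM in operation mode RM1 or RM2
}

def service_environment(unit_text):
    """Return the effective Environment= variables of the [Service] section."""
    env, section = {}, None
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, sep, value = line.partition("=")
        if section != "Service" or not sep or key.strip() != "Environment":
            continue
        if not value.strip():
            env.clear()                          # systemd: an empty assignment resets the list
            continue
        for item in shlex.split(value):          # one line may hold several quoted assignments
            name, eq, val = item.partition("=")
            if eq:
                env[name] = val                  # a later assignment overrides an earlier one
    return env

def missing_flags(unit_text, psc=False, rm1_rm2=False):
    """List the required variables that are not set to 1 for this deployment."""
    env = service_environment(unit_text)
    wanted = [REQUIRED[k] for k, on in (("psc", psc), ("rm1_rm2", rm1_rm2)) if on]
    return [name for name in wanted if env.get(name) != "1"]

# Constructed sample unit file (not taken from a real installation).
SAMPLE_UNIT = """\
[Unit]
Description=Amplia

[Service]
# A commented-out line does not count:
# Environment=HSM_DISABLE_LEGACY_OPERATIONS=1
Environment=HSM_DISABLE_SESSION_CACHE=1
"""

if __name__ == "__main__":
    print(missing_flags(SAMPLE_UNIT, psc=True, rm1_rm2=True))
```

The check reads only the text it is given; drop-in files and backslash line continuations are not handled.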
