Key Manager Server

The following instructions install the minkms binary to your local host machine. You can use this binary for running Key Manager locally or connecting to an existing Key Manager deployment to perform management operations.

curl --progress-bar --retry 10 -L https://dl.min.io/aistor/minkms/release/linux-amd64/minkms -o minkms
chmod +x ./minkms
mv ./minkms /usr/local/bin/

curl --progress-bar --retry 10 -L https://dl.min.io/aistor/minkms/release/linux-arm64/minkms -o minkms
chmod +x ./minkms
mv ./minkms /usr/local/bin/

curl --progress-bar --retry 10 -L https://dl.min.io/aistor/minkms/release/darwin-arm64/minkms -o minkms
chmod +x ./minkms
mv ./minkms /usr/local/bin/

Once installed, set the following environment variables to allow the minkms process to communicate with the remote Key Manager server:

export MINIO_KMS_SERVER=https://keymanager-1.example.net:7373
export MINIO_KMS_API_KEY=k1:APIKEY

The APIKEY value should correspond to either the superuser API key or the enclave admin API key to perform administrative operations against an enclave.

The minkms process by default must validate the remote server certificate as part of establishing a connection. The process uses both the system trust store of Certificate Authorities and the content of the $HOME/.minkms/certs/CAs directory. Ensure either the trust store or the CAs directory contain the necessary root and intermediate certificates for validating the remote Key Manager host.