vm broker ‐ kes ‐ fs - allanrogerr/public GitHub Wiki

On kes-server

ssh -p 20070 [email protected] -o "ServerAliveInterval=5" -o "ServerAliveCountMax=100000" -o "StrictHostKeyChecking=off"

In the KES configuration file config_fs.yml, modify the keystore section:

address: 0.0.0.0:9073 # Listen on all network interfaces on port 9073

admin:
  identity: disabled # No admin identity; clients are authorized only through policies

tls:
  key: private.key    # The KES server TLS private key
  cert: public.crt    # The KES server TLS certificate

policy:
  minio:
    allow:
    - /v1/key/create/minio-key*
    - /v1/key/generate/minio-key*
    - /v1/key/decrypt/minio-key*
    - /v1/key/list/*   # Not limited to minio-key*: matches every key name
    - /v1/key/delete/* # Not limited to minio-key*: matches every key name
    identities:
    - 83dbfcdba05cb3256eae72f5217ac4cbc6cf866f7a80927c1981901af6d9882c # Use the identity of your client.crt

keystore:
  fs:
    path: /tmp/keys # Choose a directory for the secret keys
      

Restart KES.

kes server --config config_fs.yml

On the MinIO instance kes-minio.lab.min.dev, create a new bucket and key.

Test encryption