1.0 Introduction
This article describes how to integrate Fortanix Data Security Manager (DSM) with ShardSecure.
2.0 Prerequisites
Download and install the Fortanix DSM PKCS#11 library. For more information, refer to the PKCS#11 Library.
3.0 Configure Fortanix DSM
A Fortanix DSM service must be configured, and the URL must be accessible. To create a Fortanix DSM account and group, refer to the following sections:
3.1 Signing Up
To get started with the Fortanix DSM cloud service, you must register an account at <Your_DSM_Service_URL>. For example, https://eu.smartkey.io.
For detailed steps on how to set up the Fortanix DSM, refer to the User's Guide: Sign Up for Fortanix Data Security Manager SaaS documentation.
3.2 Creating an Account
Access <Your_DSM_Service_URL> in a web browser and enter your credentials to log in to Fortanix DSM.
Figure 1: Logging in
For more information on how to set up an account in Fortanix DSM, refer to the User's Guide: Getting Started with Fortanix Data Security Manager - UI.
3.3 Creating a Group
Perform the following steps to create a group in the Fortanix DSM:
In the DSM left navigation panel, click the Groups menu item, and then click the + button to create a new group.
Figure 2: Add groups
On the Adding new group page, do the following:
Title: Enter a name for your group.
Description (optional): Enter a short description of the group.
Click SAVE to create the new group.
The new group is added to the Fortanix DSM successfully.
3.4 Creating an Application
Perform the following steps to create an application (app) in the Fortanix DSM:
In the DSM left navigation panel, click the Apps menu item, and then click the + button to create a new app.
Figure 3: Add application
On the Adding new app page, do the following:
App name: Enter the name for your application.
ADD DESCRIPTION (optional): Enter a short description of the application.
Authentication method: Select the default API Key as the authentication method from the drop down menu. For more information on these authentication methods, refer to the User's Guide: Authentication.
Assigning the new app to groups: Select the group created in Section 3.3: Creating a Group from the list.
Click SAVE to add the new application.
The new application is added to the Fortanix DSM successfully.
3.5 Copying the API Key
Perform the following steps to copy the API key from the Fortanix DSM:
In the DSM left navigation panel, click the Apps menu item, and then click the app created in Section 3.4: Creating an Application to go to the detailed view of the app.
On the INFO tab, click VIEW API KEY DETAILS.
From the API Key Details dialog box, copy the API Key of the app to use for the shardsecure.cluster.encryption.hsm.password parameter in the application.properties configuration.
3.6 Creating a Security Object
Perform the following steps to generate an AES key in the Fortanix DSM:
In the DSM left navigation panel, click the Security Objects menu item, and then click the + button to create a new security object.
Figure 4: Adding security object
On the Add new Security Object page, do the following:
Security Object Name: Enter the name for your security object. For example, cluster.master.key.
Group: Select the group as created in Section 3.3: Creating a Group.
Select the GENERATE radio button.
In the Choose a type section, select the AES key type.
In the Key Size section, select the size of the key in bits. Keep it as 256 bits.
In the Key operations permitted section, select all the operations to define the actions that can be performed with the cryptographic keys, except Export.
Click GENERATE to create the new security object.
The new security object is added to the Fortanix DSM successfully.
4.0 Create a Configuration File for PKCS#11
Perform the following steps to create a new configuration file for PKCS#11:
Create a new configuration file for the Fortanix DSM PKCS#11 configuration.
Place the configuration file in the ShardSecure configuration directory.
Add the name of this file to properties as the parameter shardsecure.cluster.encryption.hsm.configfile.
For example, shardsecure.cluster.encryption.hsm.configfile=fortanix.cfg
In this example, the Fortanix PKCS#11 module has been installed at the path /opt/fortanix/pkcs11/fortanix_pkcs11.so.
The slot number is not critical in the Fortanix configuration, and you may leave it as displayed in the following example:
name = FortanixHSM
library = /opt/fortanix/pkcs11/fortanix_pkcs11.so
slot = 0
attributes(generate, *, *) = {
CKA_TOKEN = true
}
attributes(*, CKO_CERTIFICATE, *) = {
CKA_PRIVATE = false
}
attributes(*, CKO_PUBLIC_KEY, *) = {
CKA_PRIVATE = false
}
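A pre-flight check for the settings described in Sections 3.5 and 4.0, as an added example that is not ShardSecure or Fortanix code. It assumes application.properties sits in the same configuration directory as the PKCS#11 configuration file; the function names and the world-readable check are choices of this example.

```python
import os
import stat
import sys

CFG_KEY = "shardsecure.cluster.encryption.hsm.configfile"
PWD_KEY = "shardsecure.cluster.encryption.hsm.password"

def parse_kv(path):
    """Top-level 'key = value' pairs; comments and attributes(...) blocks are skipped."""
    pairs, in_block = {}, False
    with open(path) as fh:
        lines = [raw.strip() for raw in fh]
    for line in lines:
        if in_block:  # inside an attributes(...) = { ... } block
            in_block = not line.startswith("}")
            continue
        key, sep, value = line.partition("=")
        if not sep or line.startswith("#"):
            continue
        if key.startswith("attributes"):
            in_block = value.strip().endswith("{")
            continue
        pairs[key.strip()] = value.strip()
    return pairs

def preflight(conf_dir):
    """Return a list of problems with the HSM settings found under conf_dir."""
    props_path = os.path.join(conf_dir, "application.properties")
    props, problems = parse_kv(props_path), []
    if not props.get(PWD_KEY):
        problems.append(f"{PWD_KEY} is missing or empty")
    # Assumption of this example: the file holding the API key must not be world-readable.
    if os.stat(props_path).st_mode & stat.S_IROTH:
        problems.append("application.properties is world-readable")
    cfg_name = props.get(CFG_KEY)
    if not cfg_name:
        return problems + [f"{CFG_KEY} is missing"]
    cfg_path = os.path.join(conf_dir, cfg_name)
    if not os.path.isfile(cfg_path):
        return problems + [f"{cfg_name} not found in {conf_dir}"]
    cfg = parse_kv(cfg_path)
    if not os.path.isfile(cfg.get("library", "")):
        problems.append(f"PKCS#11 library not found: {cfg.get('library')}")
    return problems

if __name__ == "__main__":
    conf = sys.argv[1] if len(sys.argv) > 1 else "."
    sys.exit("\n".join(preflight(conf)) or 0)
```

Run it with the ShardSecure configuration directory as its argument; it lists any problems found and exits non-zero, or exits 0 when the settings are consistent.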