Getting Started with Fortanix Self-Defending KMS

Sign up for Fortanix Self-Defending Key Management Service

Create an account

Use your credentials to log in to Fortanix Self-Defending KMS . Here you can create a new account, or accept an invitation to join another account. After entering an account, you can view and manage groups, users, applications, and security objects belonging to the account.

If you have a newly-created account, use the following steps to add your first group and application to Fortanix Self-Defending KMS .

For details on how to delete or disable an account click here.

Add a group

A group is a collection of security objects created by and accessible by users and applications which belong to the group. The user who creates a group automatically gets assigned the role of the group administrator. You can add more users to the group in the role of administrators or auditors. You can also add applications to the group to enable the applications to create and use security objects in that group.

To add a group, you may specify:

• The title of the group (required).
• A short description for the group (required).
• Users in your account as members.
• Applications in your account to add to the group so that they can use the security objects in the group.
• Add a quorum approval policy (optional).  A group administrator may enable a quorum approval policy on a group, which mandates that all security sensitive operations in that group would require a quorum approval.

Add an application

An application can use Fortanix Self-Defending KMS to generate, store, and use security objects, such as cryptographic keys, certificates, or an arbitrary secret. Examples of applications include web servers, PKI servers, key vaults, etc. An application can interact with Fortanix Self-Defending KMS using the REST APIs or using the PKCS#11, JCE, or CNG providers.

To add an application, you may specify:

• Name of the application (required).
• Type of the application. You can either choose from one of the types of application supported and tested by Fortanix Self-Defending KMS (e.g, NGINX, Apache, etc.), or leave this empty if adding a custom application.
• A short description for the application.
• Optionally, a certificate to authenticate the application. If no certificate is provided, Fortanix Self-Defending KMS will generate an API key that the application can use for authentication.
• The group(s) to which the application belongs.

Once the application has been added, you can use either the API key or the certificate to authenticate the application to Fortanix Self-Defending KMS and start making calls to do cryptographic operations.

Using Fortanix Self-Defending KMS from an application

Documentation for the Fortanix Self-Defending KMS APIs is available at https://www.fortanix.com/api. An application can either call them directly, or use them through the following clients available for download at Fortanix Self-Defending KMS Resources:

• Fortanix Self-Defending KMS Software Development Kit for Java
• PKCS#11 Library
• Microsoft CNG Key Storage Provider
• JCE Provider
• Command Line Client written in Python