Installing and Configuring Dyadic EKM Service Broker for PCF

This topic describes how to activate the Dyadic EKM Service Broker to serve your applications in a PCF environment.

If you have not already done so, please request the Dyadic Evaluation Package by completing this short form: https://info.dyadicsec.com/pivotal_eval_request

Install and Configure Dyadic EKM Service Broker for PCF

  1. Download the product file (“tile”) from Pivotal Network.

  2. Navigate to the Ops Manager Installation Dashboard and click Import a Product to upload the product file.

  3. Click Add next to the uploaded Dyadic EKM Service Broker for PCF tile in the Ops Manager Available Products view to add it to your staging area.

  4. Click the newly added Dyadic EKM tile.

  5. Complete the following fields using the information you received in the Evaluation License Package:

    • Client Private Key: The PFX certificate used for client authentication
    • Root CA certificate: The EKM root CA certificate used for server authentication
    • EKM Servers: Comma-separated list of EKM Server addresses

  6. (Optional) Edit the Message Send Timeout, Message Receive Timeout (in milliseconds), and Message Retry Counter. In most cases, you can accept the default values.

  7. Click Save.

  8. Return to the Ops Manager Installation Dashboard and click Apply Changes to install the Dyadic EKM tile.

Bind Your App to the Dyadic EKM Service Broker for PCF

To use the Dyadic EKM Service Broker for crypto operations, follow these steps:

  1. Confirm that you have pushed your app using the Java Buildpack for CF:

    $ cf push APP-NAME .... -b java_buildpack

  2. Enable access to the service:

    $ cf enable-service-access dyadic-ekm

  3. Create an EKM service instance:

    $ cf create-service dyadic-ekm default SERVICE-INSTANCE-NAME

  4. Bind your app to a service instance:

    $ cf bind-service APP-NAME SERVICE-INSTANCE-NAME

  5. Verify that the environment variables used by the broker are correct:

    $ cf env APP-NAME

    In particular, examine the “credentials” object and confirm that its attributes and values match the ones provided in the configuration step:

    System-Provided:
    {
      "VCAP_SERVICES": {
        "dyadic-ekm": [
          {
            "credentials": {
              "ca": "-----BEGIN CERTIFICATE----- xxxx
              "key": "Bag Attributes  xxxx  -----BEGIN CERTIFICATE----- xxxx
                      Bag Attributes  xxxx  -----BEGIN ENCRYPTED PRIVATE KEY----- xxxx
              "recv_timeout": "20000",
              "retries": "2",
              "send_timeout": "10000",
              "servers": "192.0.2.129"

  6. If your app is running, restage it:

    $ cf restage APP-NAME

  7. If you haven’t run your app before, start it:

    $ cf start APP-NAME
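The check in step 5 can be automated so that the certificate and key material is never printed to a terminal or log. The following is an added example, not code from Dyadic or Pivotal: the function name `check_ekm_binding`, the sample addresses, and the PEM marker checks (taken from the sample output in step 5) are assumptions.

```python
import json

REQUIRED = ("ca", "key", "servers", "send_timeout", "recv_timeout", "retries")
NUMERIC = ("send_timeout", "recv_timeout", "retries")

def check_ekm_binding(vcap_services_json, expected_servers):
    """Return a list of problems in the dyadic-ekm credentials (empty list = OK).

    Only attribute names and server addresses are reported; the ca and key
    values themselves are never echoed.
    """
    services = json.loads(vcap_services_json)
    instances = services.get("dyadic-ekm", [])
    if not instances:
        return ["no dyadic-ekm binding in VCAP_SERVICES"]
    creds = instances[0].get("credentials", {})
    problems = [f"missing or empty attribute: {n}" for n in REQUIRED if not creds.get(n)]
    # Marker strings below follow the sample output shown in step 5.
    if "-----BEGIN CERTIFICATE-----" not in creds.get("ca", ""):
        problems.append("ca does not contain a PEM certificate")
    key = creds.get("key", "")
    if "-----BEGIN CERTIFICATE-----" not in key:
        problems.append("key does not contain the client certificate")
    if "-----BEGIN ENCRYPTED PRIVATE KEY-----" not in key:
        problems.append("key does not contain an encrypted private key")
    for name in NUMERIC:
        if creds.get(name) and not str(creds[name]).isdigit():
            problems.append(f"{name} is not a non-negative integer")
    # "servers" is a comma-separated list, as entered in the tile configuration.
    bound = {s.strip() for s in creds.get("servers", "").split(",") if s.strip()}
    if bound != set(expected_servers):
        problems.append(f"servers mismatch: bound={sorted(bound)}")
    return problems

# Constructed sample of the VCAP_SERVICES value an app sees; all values are placeholders.
SAMPLE = json.dumps({"dyadic-ekm": [{"credentials": {
    "ca": "-----BEGIN CERTIFICATE----- (constructed)",
    "key": "-----BEGIN CERTIFICATE----- (constructed) "
           "-----BEGIN ENCRYPTED PRIVATE KEY----- (constructed)",
    "recv_timeout": "20000", "retries": "2", "send_timeout": "10000",
    "servers": "192.0.2.10, 192.0.2.11"}}]})

if __name__ == "__main__":
    result = check_ekm_binding(SAMPLE, ["192.0.2.10", "192.0.2.11"])
    print("\n".join(result) if result else "binding OK")
```

Inside a running app, pass the value of the `VCAP_SERVICES` environment variable in place of `SAMPLE`, together with the server list you entered in the tile.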
