Getting started with key_mgmt_util
AWS CloudHSM includes two command line tools with the AWS CloudHSM client software. The cloudhsm_mgmt_util tool includes commands to manage HSM users. The key_mgmt_util tool includes commands to manage keys. To get started with the key_mgmt_util command line tool, see the following topics.
If you encounter an error message or unexpected outcome for a command, see the Troubleshooting AWS CloudHSM topics for help. For details about the key_mgmt_util commands, see key_mgmt_util command reference.
Set up key_mgmt_util
Complete the following setup before you use key_mgmt_util.
Start the AWS CloudHSM client
Before you use key_mgmt_util, you must start the AWS CloudHSM client. The client is a daemon that establishes end-to-end encrypted communication with the HSMs in your cluster. The key_mgmt_util tool uses the client connection to communicate with the HSMs in your cluster. Without it, key_mgmt_util doesn't work.
To start the AWS CloudHSM client
Use the following command to start the AWS CloudHSM client.
Start key_mgmt_util
After you start the AWS CloudHSM client, use the following command to start key_mgmt_util.
The prompt changes to Command: when key_mgmt_util is running.
If the command fails, such as returning a Daemon socket connection error message, try updating your configuration file.
Basic usage of key_mgmt_util
See the following topics for the basic usage of the key_mgmt_util tool.
Log in to the HSMs
Use the loginHSM command to log in to the HSMs. The following command logs in as a crypto user (CU) named example_user. The output indicates a successful login for all three HSMs in the cluster.
Command: loginHSM -u CU -s example_user -p <password>
Cfm3LoginHSM returned: 0x00 : HSM Return: SUCCESS

Cluster Error Status
Node id 0 and err state 0x00000000 : HSM Return: SUCCESS
Node id 1 and err state 0x00000000 : HSM Return: SUCCESS
Node id 2 and err state 0x00000000 : HSM Return: SUCCESS
The following shows the syntax for the loginHSM command.
Command: loginHSM -u <user type> -s <username> -p <password>
Log out from the HSMs
Use the logoutHSM command to log out from the HSMs.
Command: logoutHSM
Cfm3LogoutHSM returned: 0x00 : HSM Return: SUCCESS

Cluster Error Status
Node id 0 and err state 0x00000000 : HSM Return: SUCCESS
Node id 1 and err state 0x00000000 : HSM Return: SUCCESS
Node id 2 and err state 0x00000000 : HSM Return: SUCCESS
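The loginHSM and logoutHSM output above reports one status line per HSM, so a script that drives key_mgmt_util should confirm that every node returned success rather than reading only the first line. The following is an added example, not part of the AWS documentation or tooling; the function name check_cluster_status, the expected_nodes parameter, and the failure sample are assumptions made for illustration.

```python
import re

RETURN_RE = re.compile(r"(Cfm3\w+) returned: (0x[0-9a-fA-F]+)")
NODE_RE = re.compile(r"Node id (\d+) and err state (0x[0-9a-fA-F]+)")

# Constructed sample input: the loginHSM output shown above.
LOGIN_OK = """\
Cfm3LoginHSM returned: 0x00 : HSM Return: SUCCESS

Cluster Error Status
Node id 0 and err state 0x00000000 : HSM Return: SUCCESS
Node id 1 and err state 0x00000000 : HSM Return: SUCCESS
Node id 2 and err state 0x00000000 : HSM Return: SUCCESS
"""

# Constructed failure case: node 1 reports a nonzero error state.
# The code 0x000000ff and its text are placeholders, not real CloudHSM values.
LOGIN_PARTIAL = LOGIN_OK.replace(
    "Node id 1 and err state 0x00000000 : HSM Return: SUCCESS",
    "Node id 1 and err state 0x000000ff : HSM Return: FAILURE (constructed)",
)


def check_cluster_status(output, expected_nodes=None):
    """Parse key_mgmt_util command output; succeed only if every node did."""
    ret = RETURN_RE.search(output)
    # Map node id -> error state; works on flattened single-line output too.
    nodes = {int(n): int(err, 16) for n, err in NODE_RE.findall(output)}
    failed = sorted(n for n, err in nodes.items() if err != 0)
    ok = (
        ret is not None
        and int(ret.group(2), 16) == 0
        and bool(nodes)  # no per-node lines at all is treated as failure
        and not failed
        and (expected_nodes is None or len(nodes) == expected_nodes)
    )
    return {
        "call": ret.group(1) if ret else None,
        "ok": ok,
        "nodes": nodes,
        "failed_nodes": failed,
    }


if __name__ == "__main__":
    for name, text in (("ok", LOGIN_OK), ("partial", LOGIN_PARTIAL)):
        result = check_cluster_status(text, expected_nodes=3)
        print(name, result["ok"], "failed nodes:", result["failed_nodes"])
```

Passing expected_nodes makes the check fail when an HSM is missing from the output entirely, which a scan for nonzero error states alone would not catch.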
Stop key_mgmt_util
Use the exit command to stop key_mgmt_util.
Command: exit