Configure Guardian key label

3min
Perform the following tasks to configure the key label on the Guardian.
Create a role on the Guardian
1
Go to Identity Management > Roles, and select [ Add ] at the bottom of the page.
2
In the Info tab of the Role Editor window, set the role name, set the type to Application, and set the number of users required to log in (set this to 1 if you need only a single user).
3
In the Permissions tab, select the following permissions:
Permission
Subpermission 
﻿
Keys
Export
﻿
4
In the Advanced tab, select Balancer in the Allowed Ports drop-down list.
5
Select [ OK ] to finish creating the role.
Create an identity
1
Go to Identity Management > Identities, right-click anywhere, and select Add > Client Application.
2
In the Info tab, set a name for the identity and leave the storage location as Application. 
3
In the Assigned Roles tab, select the role you created in the previous section.
4
In the Authentication tab, select the API Key mechanism and select [ Remove ]. Select [ Add ] and configure a password for the identity. Then, select [ OK ].
Configure HSM group 
Allocate the correct Key Management group to the HSM group. To do so, follow these steps:
1
Right-click on the HSM group that accepts the transaction, select Settings, and go to the Misc Settings tab.
2
From the Key Label Group drop-down menu, choose the correct Key Management Group. (such as, KMES-1).
3
Deselect Lookup Key Labels on the Guardian.
4
Select [ Update Group Settings ].
5
Select [ Finish ].
﻿
Updated 14 Jul 2024
Did this page help you?
Key Labeling
Configure KMES key labels