Register the cf-hsm.io Service Broker

Page last updated: May 25, 2016.

Before using the cf-hsm.io service in your app, you will need to register the cf-hsm.io service broker in the Cloud Foundry environment. This guide covers the steps needed to complete the registration process.

Baseline and Pre-requisites

  • You are using cf CLI v6.16 or later
  • You are authenticated with Cloud Foundry as an admin user or as a space developer.
  • You are using a private deployment of Pivotal Cloud Foundry. Note: This service broker does not work on Pivotal Web Services.
  • You are testing or developing your applications.

Getting Your API Key, Secret, and Endpoint

Access to the cf-hsm.io service is controlled by an API key, secret, and endpoint that are unique to each account. To get your unique credentials, click on LOG IN in the top right of the homepage, or browse to LOG IN.

Sign-up and log-in options include GitHub, Twitter, or registering an email address.

On successful sign up, you will be returned to the home page, and the LOG IN link will be replaced by MY ACCOUNT.

Click on MY ACCOUNT, and your API key, API secret, and endpoint will be displayed.

Note: This page is also where you can log out of the service.

Register the Service Broker

To register the cf-hsm.io service broker, you will need to use the cf CLI (v6.16 or later). Registering the service broker causes the Cloud Foundry cloud controller to fetch and validate the catalog from the cf-hsm.io broker, and save the catalog to the cloud controller database.

Because the command contains sensitive data (your API key and secret), you may choose to turn off recording to ~/.bash_history before executing it. In the bash shell on Linux, this is done with the command:

set +o history       # turn off .bash_history

After completing the command, recording to ~/.bash_history is re-enabled with the command:

set -o history       # turn on .bash_history

The service broker is registered using:

$ cf create-service-broker <myBrokerName> <apiKey> <apiSecret> <apiEndPoint>

For example:

$ cf create-service-broker hsm-service-broker kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss https://servicebroker.apps.cf-hsm.io/xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxxxxxx

To enable access to the newly registered service broker, use:

$ cf enable-service-access hsm
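
Another way to keep the API key and secret out of ~/.bash_history, shown here as an added example that is not part of the original guide or the cf-hsm.io project: a wrapper that prompts for both values, so they are never typed on the command line, and that rejects endpoints that are not HTTPS. The function names and the CF_BIN override are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide). Function names and the
# CF_BIN override are assumptions made for illustration.

# Accept only HTTPS endpoints so the key and secret never travel in cleartext.
valid_endpoint() {
  case "$1" in
    https://?*) return 0 ;;
    *)          return 1 ;;
  esac
}

# Print the line numbers in a history file that hold a registration command,
# i.e. lines that may contain an API key and secret typed in an earlier session.
history_leaks() {
  grep -n 'cf create-service-broker ' "$1" 2>/dev/null | cut -d: -f1
}

# Usage: register_broker <myBrokerName> <apiEndPoint>
# Prompts for the key and secret, so the typed command line (and therefore
# ~/.bash_history) carries neither. cf still receives them as arguments,
# so they are briefly visible in the local process list.
register_broker() {
  broker_name=$1
  endpoint=$2
  if ! valid_endpoint "$endpoint"; then
    echo "refusing endpoint that is not https://" >&2
    return 2
  fi
  printf 'API key: ' >&2
  IFS= read -r api_key || true
  printf 'API secret: ' >&2
  if [ -t 0 ]; then stty -echo; fi      # hide the secret on a terminal
  IFS= read -r api_secret || true
  if [ -t 0 ]; then stty echo; echo >&2; fi
  if [ -z "$api_key" ] || [ -z "$api_secret" ]; then
    echo "API key and secret must not be empty" >&2
    return 2
  fi
  rc=0
  "${CF_BIN:-cf}" create-service-broker \
    "$broker_name" "$api_key" "$api_secret" "$endpoint" || rc=$?
  unset api_key api_secret
  return "$rc"
}
```

Source the file, then run register_broker hsm-service-broker <apiEndPoint>. Running history_leaks ~/.bash_history lists lines from earlier sessions that still hold a full registration command.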

Test the Service Availability

To confirm that the service broker has been successfully registered, use:

$ cf marketplace
Getting services from marketplace in org borg / space development as joe...
OK

name    service   plan    bound apps   last operation
mydb    p-mysql   100mb                create succeeded
myhsm   hsm       demo                 create succeeded

Sometimes creating the HSM service instance and crypto services on the HSM can take a few minutes. While the crypto services are being created, you will see:

name    service   plan    bound apps   last operation
...
myhsm   hsm       demo                 create in progress

If you have tested this process in other Cloud Foundry environments, please let us know your results. We would love to hear from you.