Page last updated: May 25, 2016.
Before using the cf-hsm.io service in your app, you will need to register the cf-hsm.io service broker in the Cloud Foundry environment. This guide covers the steps needed to complete the registration process.
Baseline and Pre-requisites
- You are using cf CLI v6.16 or later.
- You are authenticated with Cloud Foundry as an admin user or as a space developer.
- You are using a private deployment of Pivotal Cloud Foundry. Note: This service broker does not work on Pivotal Web Services.
- You are testing or developing your applications.
Getting Your API Key, Secret, and Endpoint
Access to the cf-hsm.io service is controlled by an API key, secret, and endpoint that are unique to each account. To get your unique credentials, click on LOG IN in the top right of the homepage, or browse to LOG IN.
Sign up and log in options include: GitHub, Twitter, or registering an email address.
On successful sign up, you will be returned to the home page, and the LOG IN link will be replaced by MY ACCOUNT.
Click on MY ACCOUNT, and your API key, API secret, and endpoint will be displayed.
Note: This page is also where you can log out of the service.
Register the Service Broker
To register the cf-hsm.io service broker, you will need to use the cf CLI (v6.16 or later). Registering the service broker causes the Cloud Foundry cloud controller to fetch and validate the catalog from the cf-hsm.io broker, and save the catalog to the cloud controller database.
Because the command includes sensitive data (your API key and secret), you may choose to stop the shell from recording it in ~/.bash_history before executing it. In Linux, using bash, this is done with the command:
set +o history # turn off .bash-history
After completing the command, recording to ~/.bash_history is re-enabled with the command:
set -o history # turn on .bash-history
The service broker is registered using:
$ cf create-service-broker <myBrokerName> <apiKey> <apiSecret> <apiEndPoint>
$ cf create-service-broker hsm-service-broker kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss https://servicebroker.apps.cf-hsm.io/xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxxxxxx
To enable access to the newly registered service broker, use:
$ cf enable-service-access hsm
Test the Service Availability
To confirm that the service broker has been successfully registered, use:
$ cf marketplace
Getting services from marketplace in org borg / space development as joe...
OK
name    service   plan    bound apps   last operation
mydb    p-mysql   100mb                create succeeded
myhsm   hsm       demo                 create succeeded
Sometimes creating the HSM service instance and crypto services on the HSM can take a few minutes. While the crypto services are being created, you will see:
name    service   plan    bound apps   last operation
...
myhsm   hsm       demo                 create in progress
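The registration and status check above can be wrapped so the API secret is never typed on a command line at all. This is an added example, not code from cf-hsm.io; the function names `register_hsm_broker` and `hsm_state` are hypothetical, and it assumes the listing format shown above.

```bash
#!/usr/bin/env bash
# Added example, not cf-hsm.io code; function names are hypothetical.

# register_hsm_broker NAME API_KEY ENDPOINT
# Reads the API secret from a no-echo prompt, so it is never typed on the
# command line and never lands in shell history. The ( ... ) body runs in a
# subshell, so the variable holding the secret is discarded on return.
# Caveat: cf still receives the secret as an argument, so it is visible in
# the local process list while the command runs.
register_hsm_broker() (
  name=$1 key=$2 endpoint=$3
  case $endpoint in
    https://*) ;;
    *) echo "refusing non-HTTPS endpoint: $endpoint" >&2; exit 2 ;;
  esac
  printf 'API secret: ' >&2
  if [ -t 0 ]; then stty -echo; fi
  IFS= read -r secret || :
  if [ -t 0 ]; then stty echo; echo >&2; fi
  [ -n "$secret" ] || { echo "no secret supplied" >&2; exit 2; }
  cf create-service-broker "$name" "$key" "$secret" "$endpoint" &&
    cf enable-service-access hsm
)

# hsm_state INSTANCE  (service listing on stdin)
# Prints the instance's create state and returns 0 = succeeded,
# 1 = still in progress, 2 = anything else or instance not listed.
hsm_state() {
  awk -v inst="$1" '
    $1 == inst && $2 == "hsm" {
      found = 1
      if ($0 ~ /create succeeded *$/)        { print "succeeded";   rc = 0 }
      else if ($0 ~ /create in progress *$/) { print "in progress"; rc = 1 }
      else                                   { print "other";       rc = 2 }
      exit
    }
    END { if (!found) { print "missing"; rc = 2 }; exit rc }'
}

# Usage (placeholders as in the commands above):
#   register_hsm_broker <myBrokerName> <apiKey> <apiEndPoint>
#   cf marketplace | hsm_state myhsm
```

A return code of 1 from `hsm_state` corresponds to the "create in progress" listing, so the check can simply be repeated a few minutes later.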
If you have tested this process in other Cloud Foundry environments, please let us know your results. We would love to hear from you.