Installing the Stormshield KMaaS via a Docker image

- You must follow the ANSSI’s recommendations from the ANSSI-FT-082 document, relating to the deployment of Docker containers.
- You must set up a container orchestration environment (e.g., Kubernetes, Docker Swarm) to automatically manage replication, high availability and container life cycle. For a resilient installation, Stormshield recommends a minimum of 3 instances of the Stormshield KMaaS.
- The configuration of the container orchestrator depends on the technology used. Refer to your orchestrator's documentation for detailed installation steps and security best practices specific to your environment.
- Install Docker on each server where you want to run the Stormshield KMaaS. The minimum Docker version supported is 20.1.1. For more information, refer to the Install Docker Engine documentation.

You must contact Stormshield to get the Docker image.
The archive of the Stormshield KMaaS contains the following files:
File | Description |
---|---|
stormshield-kmaas-{version}.tar | Docker image of the Stormshield KMaaS in .tar format. |
config.json.template | Template configuration file for the Stormshield KMaaS. |
keks.json.template | Template file for the list of key encryption keys (KEK). |
list-of-dependencies.html | List of the dependencies of the Stormshield KMaaS. |
policy.wasm | Default security policy module. This module does not enable any security policies. |
policy.data.json | Data file used by the policy.wasm module. |

- Load the image of the Stormshield KMaaS in Docker using the following command:

      docker load --input stormshield-kmaas-<version>.tar

- Create a dedicated directory to host your configuration, in which you copy the template files provided with the Docker image. Rename the files as follows:
  - config.json: configuration file of the Stormshield KMaaS,
  - keks.json: file containing the list of key encryption keys (KEK).

  In the step Configuring the Stormshield KMaaS, you can edit these files directly in this directory.
- Make sure that the directory containing the configuration files is available in the container through a volume or using your orchestrator's technology. For more information, refer to your orchestrator's documentation.
- Ensure that the keks.json file and the private keys are made available in a secure way in the production environment.
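The steps above, gathered into reusable POSIX shell functions, as an added example that is not part of Stormshield's documentation or tooling: a Docker version check against the 20.1.1 minimum, loading the image, preparing the dedicated configuration directory with restrictive permissions, and starting one instance with that directory mounted read-only. It assumes the archive has been extracted into a directory, that the image name can be read from the "Loaded image:" line Docker prints on load, and that the container-side mount path (/config below) is a placeholder to be replaced by the path the product expects.

```shell
#!/bin/sh
# Added example, not Stormshield's own script. Helper functions for the
# installation steps described above. Assumptions: the KMaaS archive has been
# extracted into ARCHIVE_DIR; the image name is taken from "docker load"
# output; /config is a placeholder for the in-container configuration path.

# num FIELD: keep the leading digits of a version field ("7-ce" -> 7), default 0.
num() { n="${1%%[!0-9]*}"; echo "${n:-0}"; }

# version_ge A B: succeed when dotted version A is >= B (three fields compared).
version_ge() {
    va="$1"; vb="$2"
    old_ifs="$IFS"; IFS=.
    set -- $va; a1=$(num "${1:-0}"); a2=$(num "${2:-0}"); a3=$(num "${3:-0}")
    set -- $vb; b1=$(num "${1:-0}"); b2=$(num "${2:-0}"); b3=$(num "${3:-0}")
    IFS="$old_ifs"
    for pair in "$a1:$b1" "$a2:$b2" "$a3:$b3"; do
        x=${pair%%:*}; y=${pair##*:}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# check_docker_version MIN: compare the running Docker Engine against MIN
# (the page states 20.1.1 as the supported minimum).
check_docker_version() {
    installed=$(docker version --format '{{.Server.Version}}') || return 1
    version_ge "$installed" "$1"
}

# prepare_config_dir ARCHIVE_DIR CONFIG_DIR: create the dedicated directory,
# copy the two templates under their final names and restrict permissions.
# keks.json describes key encryption keys, so it must not be world-readable.
prepare_config_dir() {
    archive_dir="$1"; config_dir="$2"
    for tmpl in config.json.template keks.json.template; do
        [ -f "$archive_dir/$tmpl" ] || { echo "missing $tmpl in $archive_dir" >&2; return 1; }
    done
    mkdir -p "$config_dir" && chmod 700 "$config_dir"
    cp "$archive_dir/config.json.template" "$config_dir/config.json"
    cp "$archive_dir/keks.json.template" "$config_dir/keks.json"
    chmod 600 "$config_dir/config.json" "$config_dir/keks.json"
}

# load_image ARCHIVE_DIR VERSION: load the tarball and print the image name
# Docker reports on its "Loaded image: <name>:<tag>" line.
load_image() {
    docker load --input "$1/stormshield-kmaas-$2.tar" | sed -n 's/^Loaded image: //p'
}

# run_instance IMAGE CONFIG_DIR NAME: start one instance with the configuration
# directory mounted read-only at the placeholder path /config (assumption).
# In production the orchestrator starts the instances; this is for a single host.
run_instance() {
    docker run -d --name "$3" -v "$2:/config:ro" "$1"
}

# Usage (run manually; VERSION and the paths are placeholders):
#   check_docker_version 20.1.1 || exit 1
#   image=$(load_image /path/to/archive VERSION)
#   prepare_config_dir /path/to/archive /srv/kmaas/config
#   run_instance "$image" /srv/kmaas/config kmaas-1
```

The permission bits matter more than the copy itself: the page asks that keks.json be made available securely in production, and a 0700 directory holding 0600 files, mounted read-only into the container, is the baseline on a single host; with an orchestrator, the equivalent is a secret or a restricted volume rather than a plain host directory.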