Step 3: Create Scopes and Rules
Explains how to set up Scopes and Rules.
Scopes partition KMIP managed object storage into multiple named buckets, while Roles in the KMIP secrets engine determine the set of KMIP operations that KMIP clients are allowed to perform.
- Create a Scope. In this example, it is named mapr.
  $ vault write -f kmip/scope/mapr
- Create a new Role under the example Scope mapr. Name the Role maprkmipclient1.
  $ vault write kmip/scope/mapr/role/maprkmipclient1 operation_all=true
The Role should be displayed as follows:
$ vault read kmip/scope/mapr/role/maprkmipclient1
Key                    Value
---                    -----
operation_all          true
tls_client_key_bits    0
tls_client_key_ttl     0s
tls_client_key_type    n/a
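With operation_all=true, the Role lets the client perform every KMIP operation. The following added example (not part of the original procedure or of the Vault tooling) classifies the `vault read` output shown above so that a review script can tell an all-operations Role from one limited to specific `operation_*` parameters. The function names are hypothetical, and the second sample is constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `vault read kmip/scope/<scope>/role/<role>` output.
# Function names are hypothetical; they are not Vault commands.

# Read the key/value table on stdin and print one of:
#   all            operation_all is true (every KMIP operation allowed)
#   none           operation_none is true, or no operation_* key is true
#   scoped:<list>  only the listed operation_* keys are true
classify_role() {
    awk '
        $1 ~ /^operation_/ && $2 == "true" {
            if ($1 == "operation_all")       all = 1
            else if ($1 == "operation_none") none = 1
            else list = list (list == "" ? "" : ",") $1
        }
        END {
            if (all)                     print "all"
            else if (none || list == "") print "none"
            else                         print "scoped:" list
        }'
}

# Exit status 0 when the Role on stdin does not grant every operation.
role_is_scoped() {
    [ "$(classify_role)" != "all" ]
}

# Role output as shown on this page.
PAGE_ROLE='Key                    Value
---                    -----
operation_all          true
tls_client_key_bits    0
tls_client_key_ttl     0s
tls_client_key_type    n/a'

# Constructed sample: a Role limited to two operations.
SCOPED_ROLE='Key                    Value
---                    -----
operation_get          true
operation_locate       true
tls_client_key_bits    0
tls_client_key_ttl     0s
tls_client_key_type    n/a'

printf '%s\n' "$PAGE_ROLE"   | classify_role
printf '%s\n' "$SCOPED_ROLE" | classify_role

# Against a live server:
#   vault read kmip/scope/mapr/role/maprkmipclient1 | classify_role
```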