KMIP Engine general query

Hello,

I am interested in knowing more about the KMIP engine, which was added in 1.2.

I looked at the steps in the tutorial about how to set up the KMIP engine. With regard to the KMIP listener, can you answer my queries:

  1. After I enable the KMIP engine, the KMIP listener port is 5696. Does the KMIP listener work only on the raw TCP port, or also on top of HTTPS?
  2. Is there any example from HashiCorp about how to interact with this KMIP port, such as getting a secret?

Thanks.

Do you have an answer on this?

Hi,

Did you already see this: KMIP Secrets Engine | Vault - HashiCorp Learn
The KMIP protocol uses port 5696. I didn’t check it, but I would assume the connection uses TLS.
To interact with KMIP you will need to use a client that speaks the protocol. See the tutorials.

Maybe you can make sense of these two:

What Vault supports: KMIP - Profiles Support | Vault | HashiCorp Developer
What that version of the protocol is: Key Management Interoperability Protocol Profiles Version 1.4

I don’t believe it supports HTTP transport. I do two connection tests when I try to validate. The first is with openssl, to see if we get a stable connection. The messages will tell you whether the connection failed or not. It will auto-close, as we are not sending anything, but it will show you that the mTLS connection happened:

echo | openssl s_client -connect vault:5696 -key ./tls/key.pem -cert ./tls/cert.pem -CAfile ./tls/ca_chain.pem

The other is to use the Python lib PyKMIP. So far, I’m just connecting and “doing something”; I have not gone further into the rabbit hole.
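To make the two points above concrete (the listener is raw TCP with mTLS, not HTTP, and a client has to speak the KMIP TTLV wire format), here is an added stdlib-only example that is not from this thread, HashiCorp or PyKMIP. It encodes a KMIP 1.4 Query(Query Operations) request by hand and sends it over the same mTLS connection the openssl command tests; the host name `vault` and the `./tls/*.pem` paths are placeholders copied from that command, and the client certificate is assumed to have been issued for a Vault KMIP scope/role.

```python
# Added example: minimal KMIP 1.4 TTLV encoder plus an mTLS probe of a Vault KMIP listener.
# Not the thread's or HashiCorp's code; host, port and PEM paths are placeholders.
import socket
import ssl
import struct

# TTLV item types and the tag values this example needs (from the KMIP 1.4 specification)
STRUCTURE, INTEGER, ENUMERATION = 0x01, 0x02, 0x05
T_REQUEST_MESSAGE, T_REQUEST_HEADER, T_PROTOCOL_VERSION = 0x420078, 0x420077, 0x420069
T_VERSION_MAJOR, T_VERSION_MINOR, T_BATCH_COUNT = 0x42006A, 0x42006B, 0x42000D
T_BATCH_ITEM, T_OPERATION, T_REQUEST_PAYLOAD = 0x42000F, 0x42005C, 0x420079
T_QUERY_FUNCTION, OP_QUERY, QUERY_OPERATIONS = 0x420074, 0x18, 0x01


def ttlv(tag, itype, value):
    """Encode one item: 3-byte tag, 1-byte type, 4-byte length, value padded to a multiple of 8."""
    if itype == STRUCTURE:
        payload = b"".join(value)            # children are already 8-byte aligned
    else:
        payload = struct.pack(">i", value)   # Integer / Enumeration: 4-byte big-endian
    header = tag.to_bytes(3, "big") + bytes([itype]) + struct.pack(">I", len(payload))
    return header + payload + b"\x00" * (-len(payload) % 8)


def query_request(major=1, minor=4):
    """Build a Query(QueryOperations) request: the smallest request every KMIP server must answer."""
    return ttlv(T_REQUEST_MESSAGE, STRUCTURE, [
        ttlv(T_REQUEST_HEADER, STRUCTURE, [
            ttlv(T_PROTOCOL_VERSION, STRUCTURE, [
                ttlv(T_VERSION_MAJOR, INTEGER, major),
                ttlv(T_VERSION_MINOR, INTEGER, minor)]),
            ttlv(T_BATCH_COUNT, INTEGER, 1)]),
        ttlv(T_BATCH_ITEM, STRUCTURE, [
            ttlv(T_OPERATION, ENUMERATION, OP_QUERY),
            ttlv(T_REQUEST_PAYLOAD, STRUCTURE, [
                ttlv(T_QUERY_FUNCTION, ENUMERATION, QUERY_OPERATIONS)])])])


def mtls_query(host="vault", port=5696, cert="./tls/cert.pem", key="./tls/key.pem", ca="./tls/ca_chain.pem"):
    """Open raw TCP + TLS (no HTTP), present the client cert, send the Query, return the raw TTLV reply."""
    ctx = ssl.create_default_context(cafile=ca)   # verify the listener's certificate chain
    ctx.load_cert_chain(cert, key)                 # client cert/key the KMIP scope/role trusts
    with socket.create_connection((host, port)) as raw, ctx.wrap_socket(raw, server_hostname=host) as tls:
        tls.sendall(query_request())
        head = tls.recv(8)                         # outer ResponseMessage header carries the total length
        if len(head) < 8:
            raise ConnectionError("listener closed the connection before sending a TTLV header")
        body, total = b"", struct.unpack(">I", head[4:])[0]
        while len(body) < total:
            chunk = tls.recv(total - len(body))
            if not chunk:
                raise ConnectionError("connection closed mid-response")
            body += chunk
        return head + body
```

`mtls_query().hex()` should start with tag `420078` (ResponseMessage) if the scope/role certificate is accepted; a TLS handshake error instead means the listener rejected the client certificate, which is the same failure the openssl test surfaces.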