Create users SO (Security Officer) and USR (the Crypto user) and initialize a slot.
The slot must be initialized using the p11tool2.
First, create the SO using p11tool2. Then, using the p11tool2 command, initialize the Slot you want to use and the slot user, as shown below.
-
# ./p11tool2 slot=<slot no.> Label=<token label> Login=ADMIN,ADMIN.key InitToken=<SO pin> -
Initialize the SO user
-
# ./p11tool2 slot=<slot no.> LoginSO=<SO pin> InitPin=<Cryptouser pin>
Make sure that the Utimaco GP HSM is accessible from the Kubernetes control plane.
The KMS plugin will generate the required key in the HSM.