Skip to main content

Creating a Key Manager Client User

Prepare a Key Manager administrator account to be used as the client user. Commands executed via Key Manager clients are performed with the permissions granted to the client user. For granular auditability, it is recommended that each person who uses clients is given their own Key Manager account.

A Key Manager account must satisfy the following conditions before it can be used as a client user:

  • The account must be given the permission Connect through external API. The account will also need additional permissions depending on what management operations the client user is expected to perform.

  • The Key Manager account must have an email address.

    note

    Superuser accounts cannot be used as client users since they lack the permissions to access the API.

To create a new Key Manager admin account with the necessary permissions:

  1. Access the Key Manager web GUI by navigating to the address of the Key Manager front end. Log in as a user who has permissions to create and modify Key Manager accounts. For example, accounts that have the Administrators role can be used for this.

  2. On the Accounts→Accounts page, click Create New Account.

  3. Fill in the required information, including at least the credentials and an email address for the account. To provide the account with the required permissions for using Key Manager clients, select API Users under the Roles section. Also provide other roles depending on what the client user is expected to perform. Click Create to create the account.

To grant API access to an existing Key Manager admin account:

  1. Access the Key Manager web GUI by navigating to the address of the Key Manager front end. Log in as a user who has permissions to create and modify Key Manager accounts. For example, accounts that have the Administrators role can be used for this.

  2. On the Accounts→Accounts page, click the account for which you want to grant API access. Then to modify its permissions, click Edit in its details panel.

  3. Enter the email address of the account owner. To provide the account with the required permissions for using the Key Manager clients, select API Users under the Roles section. Also provide other roles depending on what the client user is expected to perform. Click Save.

More information about Key Manager accounts can be found in the Key Manager Administrator Manual.