Initial Key Ceremony

Before deploying to production, the initial key ceremony should take place.

Configure a keystore

To protect the keys, keystores (cloud or physical) should be configured. Follow the Administration Guide steps in Managing Keystores & Keys > Keystores in Stream to configure your keystore.

Create keys

A key should be created for each Certification Authority you wish to add. The keys can be generated externally or using Stream.

Key creation steps depend on the type of keystore:

  • KMS:
    KMS keys can be created using Stream, following the Administration Guide steps in Managing Keystores & Keys > Managing keys in Stream > Cloud KMS, or directly in the KMS, following your KMS documentation.

  • Software Keystore:
    Software keys can be created using Stream, following the Administration Guide steps in Managing Keystores & Keys > Managing keys in Stream > Software keystore.

  • Hardware Security Module:
    HSM keys can be created using Stream, following the Administration Guide steps in Managing Keystores & Keys > Managing keys in Stream > PKCS#11 HSM. Please note that extra steps may be required at the HSM level, depending on the HSM model used.

Once the keys have been created, they should appear in the keystore on Stream after a refresh.

Create your Certification Authorities

Once the keys have been created, the Certification Authorities can be created following the Administration Guide steps in Managing Certification Authorities.