Implement Zero Knowledge

Read here to learn about Zero Knowledge Encryption and Distributed Fragments Cryptography.

Generate your customer fragment:



It is the client's responsibility to back up the customer fragment.
Keys that were created with a customer fragment cannot be reconstructed without it, and all information that is encrypted with them will not be recoverable if the customer fragment is lost.
To use the generated customer fragment, you must save it in a safe and secure place.

To apply your Customer Fragment, follow the instructions on how to inject it manually into your Akeyless GW deployment.

Make sure to download and save your customer fragment in a safe place.



To work with Akeyless Customer Fragments, use the Akeyless UI for your Akeyless GW on port 18888.

Browse to the Akeyless UI: 'https://Your-AKEYLESS-GW-URL:18888'.

And create a key with a customer fragment:

You can create your customer fragment from Akeyless CLI as well:

$ akeyless gen-customer-fragment --description MyFirstCF 

The following JSON contains the newly generated customer fragment:
{
    "customer_fragments": [
        {
            "id": "cf-et8u.....b3iw7",
            "value": "qrm0YoYSHb0j...JKb/zZmU8..yj4Ja/h/pa..Fvu4Esw==",
            "description": "MyFirstCF"
        }
    ]
}

In order to use the generated customer fragment, it must be saved in your Akeyless CLI folder /.akeyless/customer_fragments.json

After saving this fragment, you can generate your keys with this fragment:

akeyless create-key -n MyKeyWithMyCF -a RSA2048 -f <Your CF Id> 
Encryption Key Fragment #0 created successfully in 1.451µs milliseconds
Encryption Key Fragment #1 created successfully in 1.452µs milliseconds
A new RSA2048 key named MyKeyWithMyCF was successfully created



The CLI can work with Customer Fragments as a standalone endpoint.
To apply this Customer Fragment to your Akeyless GW, make sure to add it to your customer_fragments.json file.

Maintaining your Customer Fragments

When working with Akeyless Customer Fragments, you have to apply them manually to your Akeyless GW deployment.

If you are working with Helm, follow the Helm deployment guide.



Make sure you have a copy of your customer_fragments.json file in a safe place.

To manually add a new Customer Fragment that was generated by the CLI, add the new Id, Value pair to the customer_fragments.json file inside your container.

docker exec -it akeyless-gw /bin/bash
cd .akeyless/ 
vi customer_fragments.json

After you save the file, please make sure to restart the api-gw container:

sudo docker restart akeyless-gw
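
A hand edit in vi can leave customer_fragments.json malformed or overwrite an existing fragment. The following is an added example, not Akeyless code: it merges the JSON printed by gen-customer-fragment into the file, assuming the file uses the same "customer_fragments" array layout shown above. The function name merge_fragment and the sample values are hypothetical.

```python
import json, os, shutil, tempfile

def merge_fragment(store_path, new_doc):
    """Merge CLI output into the store; return ids added. Assumes store layout == CLI output."""
    incoming = new_doc.get("customer_fragments")
    if not isinstance(incoming, list) or not incoming:
        raise ValueError("no customer_fragments array in CLI output")
    if any(not f.get("id") or not f.get("value") for f in incoming):
        raise ValueError("fragment is missing id or value")

    store = {"customer_fragments": []}
    if os.path.exists(store_path):
        with open(store_path) as fh:
            store = json.load(fh)  # a malformed hand edit fails here, before any write
        if not isinstance(store, dict) or not isinstance(store.get("customer_fragments"), list):
            raise ValueError("store file has no customer_fragments array")
        shutil.copy2(store_path, store_path + ".bak")  # keep the previous version
        os.chmod(store_path + ".bak", 0o600)
    known = {f["id"]: f["value"] for f in store["customer_fragments"]}
    added = []
    for frag in incoming:
        if frag["id"] not in known:
            store["customer_fragments"].append(frag)
            known[frag["id"]] = frag["value"]
            added.append(frag["id"])
        elif known[frag["id"]] != frag["value"]:
            # Replacing a value would orphan every key created with the old one.
            raise ValueError("id %s already stored with a different value" % frag["id"])

    # Write to a temp file in the same directory (mkstemp creates it 0600), then
    # rename atomically so a crash never leaves a half-written fragment file.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(store_path)))
    try:
        with os.fdopen(fd, "w") as fh:
            json.dump(store, fh, indent=4)
            fh.flush()
            os.fsync(fh.fileno())
        os.replace(tmp, store_path)
    except BaseException:
        os.unlink(tmp)
        raise
    return added

if __name__ == "__main__":
    # Constructed sample, not a real fragment.
    sample = {"customer_fragments": [
        {"id": "cf-constructed-1", "value": "QUJDRA==", "description": "MyFirstCF"}]}
    path = os.path.join(tempfile.mkdtemp(), "customer_fragments.json")
    print(merge_fragment(path, sample), merge_fragment(path, sample))
```

The gateway container still has to be restarted after the file changes, as described above.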
