Deploying the APM plugin

Setting the IPC lock capability

As a one-off step, the IPC lock capability must be set for the APM plugin to allow it to lock memory. This prevents memory containing sensitive data from being swapped out to disk. This can be set for the plugin using the following command:

$ sudo setcap cap_ipc_lock=+ep "${PWD}/bin/anjuna-policy-manager-plugin"

Registering the plugin

To register the APM plugin, use the following commands:

$ APM_SHA256=$(sha256sum "${PWD}/bin/anjuna-policy-manager-plugin" | cut -d' ' -f1)
$ docker exec -e VAULT_TOKEN -e VAULT_CACERT apm vault plugin register \
    -sha256="${APM_SHA256}" \
    -command=anjuna-policy-manager-plugin auth apm

Enabling the plugin

Complete the setup by enabling the APM auth plugin and a kv secrets engine at the path anjuna:

$ docker exec -e VAULT_TOKEN -e VAULT_CACERT apm vault auth enable apm
$ docker exec -e VAULT_TOKEN -e VAULT_CACERT apm vault secrets enable --path anjuna kv
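
The following check script is an added example, not part of the Anjuna documentation: it confirms that the capability is set, that the SHA-256 Vault registered matches the binary on disk, and that both mounts exist. It assumes getcap is installed on the host and that the container is named apm as in the commands above; the function names and the --live switch are hypothetical.

```shell
#!/bin/sh
# Added example: post-deployment checks for the three steps above.
# Assumption: PLUGIN defaults to the plugin path used on this page.
PLUGIN="${PLUGIN:-${PWD}/bin/anjuna-policy-manager-plugin}"

# True when getcap output shows cap_ipc_lock as effective and permitted.
# Accepts both libcap formats: "file = cap_ipc_lock+ep" and "file cap_ipc_lock=ep".
has_ipc_lock() {
    printf '%s\n' "$1" | grep -Eq 'cap_ipc_lock(,[a-z0-9_]+)*[=+]ei?p'
}

# True when the on-disk digest equals the digest Vault has registered.
# The digest must be 64 hex characters, so empty or error output never matches.
sha_matches() {
    printf '%s\n' "$1" | grep -Eq '^[0-9a-f]{64}$' || return 1
    [ "$1" = "$2" ]
}

# True when a "vault auth list" / "vault secrets list" table contains the mount.
mount_present() {
    printf '%s\n' "$1" | grep -q "^$2/ "
}

# Same docker exec wrapper as the commands on this page.
vault_in_apm() {
    docker exec -e VAULT_TOKEN -e VAULT_CACERT apm vault "$@"
}

verify_deployment() {
    rc=0
    has_ipc_lock "$(getcap "$PLUGIN")" \
        || { echo "FAIL: cap_ipc_lock not set on $PLUGIN"; rc=1; }
    disk=$(sha256sum "$PLUGIN" | cut -d' ' -f1)
    reg=$(vault_in_apm plugin info -field=sha256 auth apm)
    sha_matches "$disk" "$reg" \
        || { echo "FAIL: registered SHA-256 differs from binary on disk"; rc=1; }
    mount_present "$(vault_in_apm auth list)" apm \
        || { echo "FAIL: auth method apm/ not enabled"; rc=1; }
    mount_present "$(vault_in_apm secrets list)" anjuna \
        || { echo "FAIL: secrets engine anjuna/ not enabled"; rc=1; }
    return "$rc"
}

# Run the live checks only when asked, e.g.: sh verify.sh --live
if [ "${1:-}" = "--live" ]; then verify_deployment; fi
```

Run it again whenever the plugin binary is replaced: file capabilities are attached to the file itself, and a new binary has a different digest from the one registered.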