Create a Docker Container to Access a Luna Cloud HSM Service

This section describes the steps to connect to a Luna Cloud HSM service by running the Luna Client in a docker container. These steps require Docker and client version 10.7.2 or higher.

1. Acquire a new Luna Cloud HSM service from Thales Data Protection on Demand (DPoD).

2. Download the Luna Cloud HSM service client configuration zip file using the DPoD user interface or API.

3. Create a new Dockerfile using the following template:

FROM ubuntu:20.04

# libcap is required, otherwise lunacm fails with a "libcap.so.2 not found" error;
# ca-certificates is added so the client can use the system CA bundle
RUN apt-get update && \
    apt-get install -y unzip libcap-dev ca-certificates && \
    update-ca-certificates

RUN mkdir -p /usr/local/dpodclient

# NOTE - The name of the zip file below must match the name of the file downloaded from the web portal
COPY setup-myclient.zip /usr/local/dpodclient

RUN unzip /usr/local/dpodclient/setup-myclient.zip -d /usr/local/dpodclient
RUN tar xvf /usr/local/dpodclient/cvclient-min.tar -C /usr/local/dpodclient

WORKDIR "/usr/local/dpodclient"

4. Build a Docker image using the directory containing the Dockerfile as the build context.

docker build -t myimage .

5. Run the Docker image.

docker run -it --entrypoint=./bin/64/lunacm myimage

NOTE   With Luna Cloud HSM client 10.7.2 or higher, users are no longer required to run setenv to configure the client to connect to the Luna Cloud HSM service. However, setenv may still be used to configure the client for hybrid use cases or integrations where setting the ChrystokiConfigurationPath is required.
If setenv is not executed, the lunacm command can only be run from the root of the client directory.
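The Dockerfile comment above warns that the COPY line must name the zip file actually downloaded from the portal. The following helper script, added here as an example and not part of the Thales documentation or client, checks that the given file is a zip archive, renders the Dockerfile with that file's real name, and only then builds and runs the image. The function names, the image name myimage and the zip name used in the comments are assumptions for illustration.

```shell
#!/bin/sh
# Example helper (not Thales code): render the Dockerfile from the real client zip name.
set -eu

# A zip archive starts with the local file header signature "PK".
is_zip_file() {
    [ -f "$1" ] && [ "$(head -c 2 "$1" 2>/dev/null)" = "PK" ]
}

# Print the Dockerfile for the given zip name. Only a basename is accepted, because
# the zip must sit in the build context next to the Dockerfile.
render_dockerfile() {
    zip=$1
    case "$zip" in
        */*)   echo "use the zip's basename, not a path: $zip" >&2; return 1 ;;
        *.zip) ;;
        *)     echo "expected a .zip file, got: $zip" >&2; return 1 ;;
    esac
    cat <<EOF
FROM ubuntu:20.04
# libcap avoids the lunacm "libcap.so.2 not found" error; ca-certificates gives the system CA bundle
RUN apt-get update && \\
    apt-get install -y --no-install-recommends unzip libcap-dev ca-certificates && \\
    update-ca-certificates && \\
    rm -rf /var/lib/apt/lists/*
RUN mkdir -p /usr/local/dpodclient
COPY $zip /usr/local/dpodclient
RUN unzip /usr/local/dpodclient/$zip -d /usr/local/dpodclient && \\
    tar xf /usr/local/dpodclient/cvclient-min.tar -C /usr/local/dpodclient
WORKDIR /usr/local/dpodclient
EOF
}

# Validate the downloaded zip, write the Dockerfile, build the image and start lunacm.
build_and_run() {
    is_zip_file "$1" || { echo "$1 is not a zip archive" >&2; return 1; }
    render_dockerfile "$(basename "$1")" > Dockerfile
    # The zip contains the client's certificate and key for the service, so the image
    # layers now hold credentials: keep the image local or in a private registry.
    docker build -t myimage .
    docker run -it --rm --entrypoint=./bin/64/lunacm myimage
}

# Usage: ./build_dpod_client.sh setup-myclient.zip (run from the build context directory)
if [ $# -gt 0 ]; then
    build_and_run "$1"
fi
```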