# Getting Started with Key Manager Plus
Upon completing the Key Manager Plus setup, you can begin using the application. Before configuring the necessary settings and working with the Key Manager Plus console, it is important to familiarize yourself with a set of initial start-ups that will facilitate continuing with further Key Manager Plus operations. This guide provides comprehensive steps on starting, shutting down, and launching the Key Manager Plus application in both Windows and Linux environments.
1. [Starting & Shutting Down the Key Manager Plus Server](#1-starting--shutting-down-key-manager-plus)
2. [Accessing the Key Manager Plus Web Interface](#2-accessing-the-key-manager-plus-web-interface)
3. [Managing Key Manager Plus Encryption Key](#3-managing-the-key-manager-plus-encryption-key)
4. [Licensing](#4-licensing)
## 1. Starting & Shutting Down Key Manager Plus
### 1.1 In Windows
| Using the Start Menu | Using the Tray Icon |
|---|---|
| - Open the Services Manager.
- Locate the ManageEngine Key Manager Plus service in the Services console.
- From here, you can start, stop, or restart the Key Manager Plus service | After installation, the Key Manager Plus icon appears in the Windows system tray. Right-click it to access the following available options:
- Start Key Manager Plus Service (as administrator)
- Stop Key Manager Plus Service
- Open Key Manager Plus Service
- Show Startup Logs
- Startup options |
### 1.2 In Linux
Key Manager Plus can be run as a background service by executing specific commands in a non-root user environment. The service can be started or stopped using terminal commands.
1. To start the Key Manager Plus as a service in Linux, log in as non-root user and execute the following command.
**sudo /etc/init.d/sshkeymanager-service start**
Upon execution, Key Manager Plus server runs in the background as service.
2. To stop the Key Manager Plus server running as a service, execute the following command as a non-root user:
**sudo /etc/init.d/sshkeymanager-service stop**
**Notes:**
- If the service fails to start and prompts a **wrapper** error, navigate to the **/bin** directory as a root user and run the command **chmod 755 wrapper**. Then, restart the service.
- If the /tmp directory is mounted with the noexec option as part of security hardening, Key Manager Plus may not be able to extract the required files during installation. In such cases, remount /tmp with execution permissions before starting the installation, and revert it back to noexec once the installation is complete. Refer to the below commands:
1. Before installation - **sudo mount -o remount,exec /tmp**
2. Post installation - **sudo mount -o remount,noexec /tmp**
**Changing the Key Manager Plus Service to systemd Service Manager**
By default, the Key Manager Plus service is managed using the init.d process control system. However, you can switch to the systemd service manager to take advantage of parallel service execution and enhanced management capabilities by following the steps below:
1. Create a systemd unit file using the following command:
**sudo vi /etc/systemd/system/kmp.service**
2. Now, add the following content to the kmp.service file, updating it with your valid Key Manager Plus details:
```
[Unit]
Description=Key Manager Plus
After=network.target
[Service]
Type=simple
User=root
WorkingDirectory=/bin
ExecStart=/bin/wrapper -c /conf/wrapper_lin.conf
ExecStop=/bin/*sshkeymanager-service* stop
KillMode=none
Restart=on-failure
TimeoutSec=300
[Install]
WantedBy=multi-user.target
```
3. Replace **** with the absolute path of the Key Manager Plus installation directory. Then, save the kmp.service file to the location **/etc/systemd/system**.
4. Enable the service using the following command:
**sudo systemctl enable kmp.service**
5. Start the service using the following command:
**sudo systemctl start kmp.service**
6. To check the status of the service, execute the following command:
**sudo systemctl status kmp.service**
## 2. Accessing the Key Manager Plus Web Interface
**Notes:**
- For a newly configured setup, the default Username | Password is admin | admin.
- Every time you start the server, Key Manager Plus will be automatically launched in the browser.
There are different ways to connect to the Key Manager Plus web interface:
### 2.1 Automatic Browser Launch
Once the Key Manager Plus server starts successfully, a web browser is automatically launched displaying the Key Manager Plus login page. Since the connection uses HTTPS, you will be prompted to accept the security certificate. Click **Yes** to proceed. Enter the username and password on the login screen and press **Enter**.
### 2.2 Launching the Web Client Manually
In Windows environments, you can also launch the web client manually from the Windows system tray. Right-click the Key Manager Plus tray icon and select **Key Manager Plus Web Console**. A browser will open displaying the Key Manager Plus login page.
Since the connection uses HTTPS, you will be prompted to accept the security certificate. Click **Yes**, enter the username and password, and press **Enter**.
In Linux environments, open a web browser and connect to the following URL:
**https://:/**
where,
- **hostname** - The machine on which Key Manager Plus is running.
- **portnumber** - The port used by the Key Manager Plus server (the default port number is 6565).
For example: **https://localhost:6565/**
### 2.3 Connecting to the Web Client in Remote Hosts
To connect to the Key Manager Plus web client from a remote machine (different from the one where the server is running), open a browser and connect to:
**https://:portnumber/**
where,
- **hostname** - The machine on which Key Manager Plus is running.
- **portnumber** - The port used by the Key Manager Plus server (the default port number is 6565).
As Key Manager Plus uses a secure HTTPS connection, you will be prompted to accept the security certificate. Click **Yes**, enter your **Username** and **Password** on the login screen, and press **Enter**.
## 3. Managing the Key Manager Plus Encryption Key
Key Manager Plus uses **AES-256 encryption** to secure SSH keys, SSL certificates, and other sensitive information stored in its database. The encryption key is auto-generated and unique to every installation. By default, it is stored in a file named **kmp_key.key** under the **/conf** directory.
Key Manager Plus does not allow the encryption key to be stored within its installation directory. This is to ensure that the encrypted key and encrypted data, in both live and backed-up databases, do not reside in the same location.
We strongly recommend storing the encryption key outside of the Key Manager Plus server — preferably on a separate machine or an external drive (hard drive, USB drive, etc.). In such cases, ensure that the Key Manager Plus server has full permission to access the device and the key file at every startup. Once the service is up and running, it no longer needs access to the key and the external device can be taken offline.
Key Manager Plus stores the path of the encryption key in a configuration file named **manage_key.conf**, located under **/conf**. You can edit this file directly to update the key file location.
**Notes:**
- Ensure sufficient protection for the key using multiple layers of encryption (such as Windows File Encryption) and access control.
- Only the Key Manager Plus application should have access to this key. Ensure no other software, script, or person can access it under any circumstances.
- Securely back up the **kmp_key.key** file yourself. You can only recover from Key Manager Plus backups if you supply this key. If the key is lost or misplaced, Key Manager Plus will not start.
## 4. Licensing
Key Manager Plus offers three license types:
| License Type | Validity | Scope |
|---|---|---|
| Evaluation Version | 30 days | Fully functional; supports up to 50 keys* |
| Free Version | No limit | Supports up to 5 keys* |
| Registered Version | Subscription/Perpetual | Licensing based on the number of managed keys* |
The term **'keys'** refers to the total number of SSH private keys, SSL certificates, and any other digital keys managed using Key Manager Plus.
**Note:**
Key Manager Plus provides two user roles: **Administrator** and **Operator**. Licensing restricts the total number of these administrators. However, there is no limitation on the number of Operators. For more details on user roles, refer to the **User Management** section of [this](https://www.manageengine.com/key-manager/help/user-manual-addition.html) help documentation.
### 4.1 Apply License File
When you purchase Key Manager Plus, you will receive a product license key. To apply the license key, follow the steps given below:
1. Click your account information in the top-right corner of the GUI.
2. Select the **License** option from the drop-down list.
3. Click the **Update License** button in the **License Details** pop-up window.
4. Upload the license file you have and apply the license.