docs/cli/commands/kmip.mdx
The Infisical KMIP server provides Key Management Interoperability Protocol (KMIP) support for integration with KMIP-compatible clients. It acts as a proxy between your KMIP clients and Infisical KMS, enabling standardized key management operations.
For detailed information about KMIP integration, PKI setup, and client configuration, see the KMIP Integration Guide.
```bash
infisical kmip start \
  --identity-client-id=<client-id> \
  --identity-client-secret=<client-secret> \
  --hostnames-or-ips=<hostnames-or-ips>
```
Once started, the KMIP server will:
```bash
# Example
infisical kmip start --identity-client-id=<client-id> --identity-client-secret=<client-secret> --hostnames-or-ips=<hostnames-or-ips>
```
You may also set this via the environment variable `INFISICAL_UNIVERSAL_AUTH_CLIENT_ID`.
```bash
# Example
infisical kmip start --identity-client-id=<client-id> --identity-client-secret=<client-secret> --hostnames-or-ips=<hostnames-or-ips>
```
You may also set this via the environment variable `INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET`.
```bash
# Example
infisical kmip start --identity-client-id=<client-id> --identity-client-secret=<client-secret> --hostnames-or-ips="kmip.example.com,10.0.1.50"
```
You may also set this via the environment variable `INFISICAL_KMIP_HOSTNAMES_OR_IPS`.
```bash
# Example
infisical kmip start --domain=https://app.your-domain.com --identity-client-id=<client-id> --identity-client-secret=<client-secret> --hostnames-or-ips=<hostnames-or-ips>
```
You may also set this via the environment variable `INFISICAL_API_URL`.
```bash
# Example - listen on all interfaces
infisical kmip start --listen-address="0.0.0.0:5696" --identity-client-id=<client-id> --identity-client-secret=<client-secret> --hostnames-or-ips=<hostnames-or-ips>
```
You may also set this via the environment variable `INFISICAL_KMIP_LISTEN_ADDRESS`.
```bash
# Example
infisical kmip start --server-name="production-kmip" --identity-client-id=<client-id> --identity-client-secret=<client-secret> --hostnames-or-ips=<hostnames-or-ips>
```
You may also set this via the environment variable `INFISICAL_KMIP_SERVER_NAME`.
```bash
# Example
infisical kmip start --certificate-ttl="6m" --identity-client-id=<client-id> --identity-client-secret=<client-secret> --hostnames-or-ips=<hostnames-or-ips>
```
You may also set this via the environment variable `INFISICAL_KMIP_CERTIFICATE_TTL`.
```bash
sudo infisical kmip systemd install \
  --identity-client-id=<client-id> \
  --identity-client-secret=<client-secret> \
  --hostnames-or-ips=<hostnames-or-ips>
```
- `/etc/infisical/kmip.conf` with the provided credentials and settings
- `/etc/systemd/system/infisical-kmip.service`

```bash
# Example
sudo infisical kmip systemd install --identity-client-id=<client-id> --identity-client-secret=<client-secret> --hostnames-or-ips=<hostnames-or-ips>
```
You may also set this via the environment variable `INFISICAL_UNIVERSAL_AUTH_CLIENT_ID`.
```bash
# Example
sudo infisical kmip systemd install --identity-client-id=<client-id> --identity-client-secret=<client-secret> --hostnames-or-ips=<hostnames-or-ips>
```
You may also set this via the environment variable `INFISICAL_UNIVERSAL_AUTH_CLIENT_SECRET`.
```bash
# Example
sudo infisical kmip systemd install --identity-client-id=<client-id> --identity-client-secret=<client-secret> --hostnames-or-ips="kmip.example.com,10.0.1.50"
```
You may also set this via the environment variable `INFISICAL_KMIP_HOSTNAMES_OR_IPS`.
```bash
# Example
sudo infisical kmip systemd install --domain=https://app.your-domain.com --identity-client-id=<client-id> --identity-client-secret=<client-secret> --hostnames-or-ips=<hostnames-or-ips>
```
You may also set this via the environment variable `INFISICAL_API_URL`.
```bash
# Example
sudo infisical kmip systemd install --listen-address="0.0.0.0:5696" --identity-client-id=<client-id> --identity-client-secret=<client-secret> --hostnames-or-ips=<hostnames-or-ips>
```
You may also set this via the environment variable `INFISICAL_KMIP_LISTEN_ADDRESS`.
```bash
# Example
sudo infisical kmip systemd install --server-name="production-kmip" --identity-client-id=<client-id> --identity-client-secret=<client-secret> --hostnames-or-ips=<hostnames-or-ips>
```
You may also set this via the environment variable `INFISICAL_KMIP_SERVER_NAME`.
```bash
# Example
sudo infisical kmip systemd install --certificate-ttl="6m" --identity-client-id=<client-id> --identity-client-secret=<client-secret> --hostnames-or-ips=<hostnames-or-ips>
```
You may also set this via the environment variable `INFISICAL_KMIP_CERTIFICATE_TTL`.
The systemd service is installed with secure defaults:
- `/etc/systemd/system/infisical-kmip.service`
- `/etc/infisical/kmip.conf`

After installation, manage the service with standard systemd commands:
```bash
sudo systemctl start infisical-kmip    # Start the service
sudo systemctl stop infisical-kmip     # Stop the service
sudo systemctl status infisical-kmip   # Check service status
sudo systemctl disable infisical-kmip  # Disable auto-start on boot
sudo journalctl -u infisical-kmip      # View logs
```
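A post-install check for the two places the client secret can be exposed on the host: the config file written with the provided credentials, and the argument list of a server started with `--identity-client-secret` instead of the environment variable. This is an added example, not part of the Infisical CLI. The function names are hypothetical, GNU `stat` is required, and the rule that the config file must have no group/other access is an assumption.

```shell
# Added example (not Infisical's code): audit where the client secret can leak.
# Assumption: the config file should be a regular file with no group/other access.

# Return 0 if $1 is a regular, non-symlink file with no group/other mode bits.
check_secret_file() {
  csf_path=$1
  if [ -L "$csf_path" ] || [ ! -f "$csf_path" ]; then
    echo "FAIL $csf_path: missing or not a regular file" >&2
    return 1
  fi
  csf_mode=$(stat -c '%a' -- "$csf_path") || return 1
  # The leading 0 makes the shell read the mode as octal; 077 = group + other bits.
  if [ $(( 0$csf_mode & 077 )) -ne 0 ]; then
    echo "FAIL $csf_path: mode $csf_mode grants group/other access" >&2
    return 1
  fi
  echo "OK $csf_path: mode $csf_mode"
}

# $1 is a NUL-separated argv file such as /proc/<pid>/cmdline.
# Return 1 if the secret was passed as a flag (readable from the process list).
check_argv_file() {
  if tr '\0' '\n' < "$1" | grep -q -e '^--identity-client-secret'; then
    echo "FAIL $1: secret passed as a flag, visible in the process list" >&2
    return 1
  fi
  echo "OK $1: no secret in argv"
}

# Audit this host: the config path named on this page, then every running
# infisical process. Run as root so both locations are readable.
audit_host() {
  ah_rc=0
  check_secret_file /etc/infisical/kmip.conf || ah_rc=1
  for ah_pid in $(pgrep -x infisical); do
    check_argv_file "/proc/$ah_pid/cmdline" || ah_rc=1
  done
  return $ah_rc
}
```

Source the file and run `audit_host` as root after `infisical kmip systemd install`; a non-zero return means at least one check failed.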
```bash
sudo infisical kmip systemd uninstall
```
- `/etc/systemd/system/infisical-kmip.service`
- `/etc/infisical/kmip.conf`