
Securing HashiCorp Vault Enterprise

CloudsHSM or Primus HSM Integration Guide


Securosys CloudsHSM is a Hardware Security Module (HSM) available as a cloud service. It spares you time-consuming work such as evaluation, setup, operation, redundancy, and maintenance of the HSM infrastructure, and it scales according to your needs. Its redundant cluster architecture, which ranges from redundant regions up to a redundant worldwide cluster, is well suited to access from distributed Vault nodes.

  • Master Key Wrapping: Vault protects its master key by transiting it through the HSM for encryption rather than splitting it into key shares.
  • Automatic Unsealing: Vault stores its HSM-wrapped master key in storage, allowing for automatic unsealing.
  • Seal Wrapping: provides FIPS KeyStorage-conforming functionality for Critical Security Parameters.
  • Entropy Augmentation: allows Vault to sample entropy from an external cryptographic module.

For platform-agnostic REST-based HSM integration (Secrets Engine) or Vault Community Edition integration, see Cloud-aware Primus HSM for HashiCorp Vault.

Download the Securosys Integration Guide to Secure HashiCorp Vault Enterprise