- Master Key Wrapping: Vault protects its master key by transiting it through the HSM for encryption rather than splitting into key shares
- Automatic Unsealing: Vault stores its HSM-wrapped master key in storage, allowing for automatic unsealing
- Seal Wrapping to provide FIPS KeyStorage-conforming functionality for Critical Security Parameters
- Entropy Augmentation to allow Vault to sample entropy from an external cryptographic module.
For platform agnostic REST-based HSM integration (Secrets Engine) or Vault Community Edition integration see Cloud-aware Primus HSM for HashiCorp Vault.