Skip to main content

Quickstart for Azure External Key Management

This page provide an overview of how to integrate the Azure Managed HSM external key management with a Primus HSM or CloudHSM. For full details, please see the linked sections of the installation guide.

  1. Prerequisites:
    • Prepare an Azure subscription for use with external key management, ensure sufficient permissions.
    • Create or use an existing Managed HSM and enable external key management for it.
    • Obtain a Securosys HSM and configure it or use a preconfigured CloudHSM Partition.
    • Prepare a host on which to deploy the Securosys EKM Proxy for external key management.
    • Obtain a publicly signed CA certificate for your proxy host domain name.
  2. Install the EKM Proxy:
    • Configure the EKM Proxy and deploy it.
  3. Integrate with Azure:
    • Obtain the Managed HSM client certificate and common name.
    • Update the EKM Proxy with the Managed HSM client certificate and common name.
    • Establish a connection between your Managed HSM and EKM Proxy.
    • Enable Customer managed keys and create an external RSA or AES key.

When Azure Services performs crypto operations against the External Managed HSM Key, a communication channel is opened between the EKM Proxy and the Managed HSM. The operation is performed in your on-premise Primus HSM or your CloudHSM Partition.

Get started withCloudHSM for free.
Other questions?Ask Sales.
Feedback
Need help?