Prerequisites

Before starting the process of integrating the Securosys CloudHSM or on-premise Primus HSM with CyberArk Privileged Access Manager – Self-Hosted, please make sure to fulfill all the necessary requirements listed below:

Existing CyberArk installation
Primus PKCS#11 Provider v1.8.6 or newer installed on the CyberArk device(s)
An HSM:
- Securosys CloudHSM, or
- Securosys Primus HSM, firmware v2.8.21, v2.10.5 or newer.

Install CyberArk PAM

Obtain and install CyberArk PAM.

Make sure that you have the recovery private key (recprv.key). The recovery private key is used when a key to a Safe, encrypted with an external key, is forgotten.

Get an HSM

Before you start, you need to have an HSM. This can be an on-premise Primus HSM, that your install and configure yourself. Alternatively, Securosys CloudHSM is a managed HSM service, allowing you to get started immediately.

For on-premise HSMs, ensure that:

The PKCS#11 API is licensed.
The PKCS#11 API and Session Objects are enabled in the security configuration of your HSM.

Configure the Primus PKCS#11 Provider

Because CyberArk PAM uses the PKCS#11 API to access the HSM, the Primus PCKS#11 API provider needs to be installed and configured on the servers that run CyberArk PAM.

Please follow the PKCS#11 provider installation guide to install and configure the provider.

Get started withCloudHSM for free.

Need help?Contact Support.

Other questions?Ask Sales.

Install CyberArk PAM​

Get an HSM​

Configure the Primus PKCS#11 Provider​

Install CyberArk PAM

Get an HSM

Configure the Primus PKCS#11 Provider