Skip to main content

Prerequisites

Before starting the process of integrating the Securosys CloudHSM or on-premise Primus HSM with CyberArk Privileged Access Manager – Self-Hosted, please make sure to fulfill all the necessary requirements listed below:

  • Existing CyberArk installation
  • Primus PKCS#11 Provider v1.8.6 or newer installed on the CyberArk device(s)
  • An HSM:

Install CyberArk PAM

Obtain and install CyberArk PAM.

Make sure that you have the recovery private key (recprv.key). The recovery private key is used when a key to a Safe, encrypted with an external key, is forgotten.

Get an HSM

Before you start, you need to have an HSM. This can be an on-premise Primus HSM, that your install and configure yourself. Alternatively, Securosys CloudHSM is a managed HSM service, allowing you to get started immediately.

For on-premise HSMs, ensure that:

  • The PKCS#11 API is licensed.
  • The PKCS#11 API and Session Objects are enabled in the security configuration of your HSM.

Configure the Primus PKCS#11 Provider

Because CyberArk PAM uses the PKCS#11 API to access the HSM, the Primus PCKS#11 API provider needs to be installed and configured on the servers that run CyberArk PAM.

Please follow the PKCS#11 provider installation guide to install and configure the provider.

Get started withCloudHSM for free.
Other questions?Ask Sales.
Feedback
Need help?