Prerequisites
Before integrating the Securosys CloudHSM or an on-premise Primus HSM with the Securosys Docker Image Encryption Plugin, make sure you meet all the prerequisites listed here.
This guide has been tested with Ubuntu 22.04 (amd64).
Skopeo does not currently support Windows. See their list of supported operating systems.
Installed and configured Transaction Security Broker (TSB)
Ensure that you have access to a Transaction Security Broker. It should be fully installed, configured, and updated to:
- TSB Software v.1.16.1 or higher.
The TSB is available both on-premise and as a service with CloudHSM. For more information on how to configure and install TSB on-premise, follow the TSB installation guide.
Configured Securosys Primus HSM
If you are using a CloudHSM, the HSM has already been fully configured by Securosys.
If you have configured the TSB with an on-premise Primus HSM, ensure that:
- The HSM is running firmware v2.8.21, v2.11 or higher. You can download the firmware from the Support Portal.
- You have completed the initial wizard.
- You have configured the HSM as described in the TSB installation guide.
Required Licenses from Securosys
According to your security architecture, you will require the following licenses:
- On-premise HSM
  - With Multi-Authorization Workflow:
    - TSB Server Software License
    - Primus HSM with:
      - Attestation License
      - Smart Key Attributes (SKA) License
  - Without Multi-Authorization Workflow:
    - TSB Server Software License
    - Primus HSM with:
      - Attestation License
- CloudHSM
  - With Multi-Authorization Workflow:
    - TSB
  - Without Multi-Authorization Workflow:
    - REST API
Docker installation
Before proceeding, ensure that Docker is installed and running on your system. To install Docker, follow the Docker documentation.
On Linux, it is recommended to add your user to the docker group.