
Overview

This document describes how to easily integrate Securosys CloudHSM (HSM as a service) or an on-premises Primus HSM cluster with HashiCorp Vault Enterprise. The integration enables automatic unsealing using the wrapped master key stored on the HSM and helps you comply with regulatory requirements.

HashiCorp Vault Enterprise HSM support allows:

  • Master key wrapping
  • Automatic unsealing
  • Seal wrapping
  • Entropy augmentation

Securosys CloudHSM is a Hardware Security Module (HSM) available as a cloud service. You do not have to worry about time-consuming tasks such as evaluation, setup, operation, redundancy, and maintenance of the HSM infrastructure, and the service scales according to your needs. The redundant cluster architecture, which ranges from different redundant regions up to a redundant world-wide cluster, fits perfectly for access from distributed Vault nodes.

Target Audience

This document is intended for Securosys Primus HSM or CloudHSM administrators and IT professionals in charge of administering HashiCorp Vault Enterprise Edition. Installation of the Securosys Primus PKCS#11 Provider requires that you are already familiar with Windows or Linux administration.

Operating an on-premises HSM deployment requires administrative skills for Securosys Primus HSMs.

Support Contact

If you encounter a problem while installing or configuring the PKCS#11 provider or integrating the HSM with the plugins, make sure that you have read the referenced documentation. If you cannot resolve the issue, please contact Securosys Customer Support. For specific requests regarding HashiCorp Vault Enterprise, the Securosys Support Portal is reachable at https://support.securosys.com.

What's Next

For a smooth start integrating your HashiCorp Vault Enterprise Edition using the Primus PKCS#11 Provider:

  • Consult the QuickStart for a comprehensive task listing.
  • For detailed installation and configuration instructions, follow the Installation section.