Prerequisites
This symbol contains helpful or important information for setting up Securosys Secrets Engine Plugin
This symbol means to be careful and obey all instructions. You might do something that could result in data loss
Feature or action requires role activation using
- Genesis Card
- Security Officer (SO) Cards 2 of n
Support Contacts
If you encounter a problem while installing/configuring the provider or integrating the HSM with the Securosys Secrets Engine plugin, make sure that you have read the referenced documentation. If you cannot resolve the issue, please contact Securosys Customer Support. For specific requests regarding Securosys Secrets Engine plugin, the Securosys Support Portal is reachable under link.
Installed and configured Transaction Security Broker
Ensure that you have access to an installed and configured Transaction Security Broker and your TSB version is updated to:
- TSB Software v.1.18.0 or higher.
TSB is available both as on-premises or as-a-service with CloudsHSM. For more information on how to configure and install TSB on-premises, follow Securosys TSB On-Prem Installation Guide.
You can download the Securosys TSB Software from the Securosys Support Portal.
Configured Securosys Primus HSM
If you have configured the TSB with on-premises Primus HSM security architecture, ensure that the Primus HSM is updated to the following firmware:
- Primus HSM Firmware v2.8.21, v2.11 or higher.
You can download the Securosys Primus HSM firmware from the Securosys Support Portal.
In the CloudsHSM ECO and SBX service this requirement is met and therefore no additional action is required.
The guide does not cover the initial setup of the Primus HSM. Follow the procedures outlined in Primus HSM device setup with wizard 2.11+. Ensure that the settings align with the TSB requirements as specified in Primus HSM device configuration for TSB.
Required Licenses from Securosys
According to your security architecture you will require the following licenses:
On-premises Primus HSM installations:
With Multi-Authorization Workflow:
-
TSB Server Software License
-
Primus HSM with:
-
Attestation License
-
SKA License
-
Without Multi-Authorization Workflow:
-
TSB Server Software License
-
Primus HSM with:
- Attestation License
CloudsHSM subscription: (CloudsHSM TSBaaS is bound to CloudsHSM ECO or SBX partition)
With Multi-Authorization Workflow:
-
TSB Server as a Service ECO, or
-
TSB Server as a Service SBX
Without Multi-Authorization Workflow:
-
CloudsHSM ECO and CloudsHSM RESTful API ECO, or
-
CloudsHSM SBX and CloudsHSM RESTful API SBX
Docker installation
Before proceeding, ensure that Docker is installed and running on your system.
In this guide we will use the Linux Ubuntu 22 (amd 64), for other operating systems and Linux distributions please refer to the referenced guides.
If Docker is not yet installed follow Install Docker Engine on Ubuntu, the installation guide for Linux Ubuntu.
For other operating system docker installations please see Get Docker.