
Securosys' Secrets Engine

Plugin for HashiCorp Vault

Securosys' Secrets Engine is a plugin that integrates Hardware Security Modules (HSMs) with Vault, allowing users to generate, manage, and protect secrets using the strong cryptographic capabilities of Securosys' HSMs.

This plugin implements a platform-agnostic, REST-based HSM interface that requires no library installation and eliminates connectivity hurdles by using secure web connections (TLS). This facilitates use and deployment in clustered and multi-cloud environments.

Additionally, Securosys HSM innovations, such as hardware-enforced multi-authorization, are available to enhance the security of both HashiCorp Vault Enterprise and Community Edition.

  • Manage keys securely stored on the Hardware Security Module (HSM)
  • Perform cryptographic operations on the Hardware Security Module (HSM)
  • Use enhanced Primus HSM features such as high-performance encryption (ECIES, AES-GCM) or hardware-enforced multi-authorization workflows for compliance, signature services, or blockchain transactions

Target Audience

This documentation is intended for Securosys Primus HSM or CloudHSM administrators and DevOps professionals. Running the Securosys plugins requires familiarity with Docker Engine, Docker Compose, and Notation.

For on-premises HSM deployments, administrative skills for the Securosys Transaction Security Broker (TSB) and Securosys Primus HSMs are required.

What's next?