Skip to main content


Securosys Secrets Engine for HashiCorp Vault

This plugin implements a platform-agnostic REST-based HSM interface with zero library installation, while eliminating connectivity hurdles by using secure web connections (TLS). This facilitates the use and deployment in clustered and multi-cloud environments. Moreover, all Securosys HSM innovations like hardware enforced multi-authorization and high-performance encryption (ECIES, AES-GCM) are at one's disposal, for Vault Enterprise and Community Edition.

  • Manage keys securely stored on the HSM
  • Perform cryptographic operations on the HSM
  • Use enhanced Primus HSM features such as high-performance encryption (ECIES, AES-GCM), or hardware-enforced multi-authorization workflows for compliance, signature services, or blockchain transactions.

Target Audience

This document is intended for Securosys Primus HSM or CloudHSM administrators and DevOps professionals. Running the Securosys Plugins requires that you are already familiar with using Docker Engine, Docker Compose, as well as Notation.

For on-premises HSM deployed operation administrative skills are required for Securosys Transaction Security Broker (TSB) and Securosys Primus HSMs.

What's next?