Prerequisites
This installation guide explains how to set up the VaultCode runtime in a Primus HSM, by launching the VaultCode image within the VaultContainers subsystem. This subsystem can run Docker containers, including VaultCode and the TSB.
Running VaultCode inside your HSM is the production mode. Only when VaultCode runs inside an HSM can it attest the runtime environment that executed your business logic.
To install VaultCode on your Primus HSM you need:
- A CyberVault Pro HSM or higher (X2-series) with firmware version 3.3 or higher.
- When using a Decanus to remotely manage the HSM: The Decanus requires firmware version 2.3.2 or higher.
- Licenses:
  - jce
  - rest_api
  - vault_code
  - Optionally (for SKA and Automated Approval): tsb_engine and key_auth
Enable Partition-Level Options
Enable VaultCode in the "User Security" settings of the Partition. Also enable the related required settings.
UI:
SETUP → CONFIGURATION → SECURITY → USER SECURITY → (user) → (setting)
Enable the following settings:
- User Configuration
- JCE
- VaultCode
Optionally, when using the TSB and/or SKA, also enable:
- Key Authorization
- REST API access
- TSB Workflow Engine
Console:
hsm_user_enter_config
hsm_user_list_config use_usr_cnf
hsm_user_set_config use_usr_cnf=true
hsm_user_set_config jce=true
hsm_user_set_config vault_code=true
# Optional, when using the TSB and/or SKA
hsm_user_set_config rest_api=true
hsm_user_set_config tsb_engine=true
hsm_user_set_config key_auth=true
hsm_user_exit_config