Prerequisites
This section describes the prerequisites needed for integrating Versasec vSEC:CMS with Securosys HSMs.
1. Versasec vSEC:CMS
A fully operational and licensed Versasec vSEC:CMS is required for this document.
Please see the Versasec vSEC:CMS documentation on how to install and configure the Versasec vSEC:CMS.
2. Get an HSM
Choose between an on-premise Primus HSM and a Securosys CloudHSM. In both cases, please ensure that the PKCS#11 API is included in your license.
- CloudHSM
- On-premise
CloudHSM is a hosted offering from Securosys, where Securosys manages the HSMs for you in a geo-redundant cluster.
For testing purposes, CloudHSM offers a free 90-day trial.
Sign up to CloudHSM
Contact the Securosys Sales team to purchase a Primus HSM. There are various models available.
3. Configure the HSM
To allow all vSEC:CMS master keys to be copied to the HSM it is necessary to change the Security Configuration of the User Partition to allow the user to import the keys into the Primus HSM, instead of exclusively generating them on the HSM.
Therefore, please configure your HSM to:
- Enable the PKCS#11 API
- Enable Key Import
For on-premise Primus HSM, please see the Primus HSM User Guide for how to change these in the Security Configuration.
CloudHSM comes preconfigured and does not require any additional configuration (subject to subscription).