Prerequisites
Before starting the process of integrating the Securosys CloudsHSM or on-premises Primus HSM with Securosys External Key Store (XKS) Proxy and AWS KMS External Key Store, please make sure to fulfill all the necessary requirements listed below:
- Existing AWS account,
- Configured AWS VPC, AWS KMS external key store successfully connected (Example basic VPC configuration guide shown in the document annex)
- Securosys XKS Proxy v1 or newer,
- Securosys Support portal account. Access to the software download requires registration as a registered support user.
If you are new to developing applications with a Securosys-HSM, you can obtain a free developer account by contacting us at info@securosys.com, - Securosys CloudsHSM Service Account (HSM as a Service) or Securosys Primus HSM, firmware v2.8.21, v2.10.5 or newer with JCE API license.
- Installed latest docker version on your host device and configured user permissions.
If you need help with installing Docker on your EC2 instance please review our EC2 Docker installation section.
To download the Securosys XKS proxy please visit the Downloads
For a sample Key Management service (KMS) External Key Store configuration please see our provided example
An example how to generate a .jks domain file is shown here
It is recommended to establish redundancy in your environment. For more information on Securosys XKS proxy redundancy please refer to AWS documentation Creating a network load balancer.