Adding a Cryptographic Security Platform Vault Node to a Cluster using an nShield HSM client

After you have configured a single node cluster for the nShield HSM, you can quickly add a new Cryptographic Security Platform Vault node. All members of the Cryptographic Security Platform Vault cluster must be added as clients of the nShield HSM server(s).

  1. Use the webGUI to join the new node to your existing cluster that is configured with nShield HSM.

    For complete instructions, see Joining or Re-joining a Cryptographic Security Platform Vault Cluster.

  2. After the process is finished, log in to the new cluster node using the webGUI.
  3. In the System Settings section, click HSM Server Settings.
  4. On the HSM Server Settings tab, select nShield HSM.

    You should see the nShield HSM Server Settings page with all of the settings imported from the original cluster node.

  5. Click the Client List tab to view the cluster nodes.
  6. Copy the Cryptographic Security Platform Vault IP address and the keyhash of the node that you just added, and paste them in a text window.
  7. Use the IP address and keyhash to authenticate Cryptographic Security Platform Vault on nShield. For the procedure, see your nShield documentation.

    Important: For Cryptographic Security Platform Vault clusters, you will need to authenticate the IP address and keyhash for each cluster node, and authenticate each node to each HSM.

  8. Return to the nShield HSM Server Settings page for the new cluster node.
  9. Click the Locate Admin Key button to ensure that the new node is now fully connected to nShield HSM.
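
The Important note in step 7 means every node must be authenticated on every HSM with its current keyhash. The following is an added example, not part of the product or of nShield tooling: a small Python check that compares the IP/keyhash pairs pasted in step 6 against a hand-kept record of what was entered on each HSM. It assumes keyhashes are written as 40 hex characters; the HSM names, IP addresses and keyhashes are constructed sample values.

```python
import ipaddress
import re

# Assumption: a keyhash is written as 40 hex characters.
KEYHASH_RE = re.compile(r"[0-9a-fA-F]{40}")

def parse_pairs(text):
    """Parse pasted 'IP keyhash' lines (step 6) into {ip: keyhash}."""
    pairs = {}
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue  # blank or comment-only line
        if len(fields) != 2 or not KEYHASH_RE.fullmatch(fields[1]):
            raise ValueError(f"line {n}: expected '<IP> <40-hex keyhash>'")
        ip = str(ipaddress.ip_address(fields[0]))  # ValueError on a bad IP
        pairs[ip] = fields[1].lower()
    return pairs

def enrollment_gaps(nodes, hsm_clients):
    """List (hsm, ip, problem) for each node an HSM lacks or has a different keyhash for."""
    gaps = []
    for hsm, clients in hsm_clients.items():
        for ip, keyhash in nodes.items():
            if ip not in clients:
                gaps.append((hsm, ip, "missing"))
            elif clients[ip] != keyhash:
                gaps.append((hsm, ip, "keyhash mismatch"))
    return sorted(gaps)

# Constructed sample values (documentation IP range, made-up keyhashes).
OLD, NEW, STALE = "aa" * 20, "bb" * 20, "cc" * 20
NODES = parse_pairs(f"""
192.0.2.11 {OLD}   # original node
192.0.2.12 {NEW}   # node just joined
""")
# Operator's record of what was entered on each HSM; names are hypothetical.
HSM_CLIENTS = {
    "hsm-a": parse_pairs(f"192.0.2.11 {OLD}\n192.0.2.12 {STALE}"),
    "hsm-b": parse_pairs(f"192.0.2.11 {OLD}"),
}

if __name__ == "__main__":
    for hsm, ip, problem in enrollment_gaps(NODES, HSM_CLIENTS):
        print(f"{hsm}: {ip}: {problem}")
```

An empty result means every node in the list is recorded on every HSM with a matching keyhash; the Locate Admin Key check in step 9 remains the confirmation that the new node is actually connected.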