Configuring Cryptographic Security Platform Vault as a Luna Cloud HSM Client

The following procedure describes how to configure Cryptographic Security Platform Vault as a Luna Cloud HSM Client.

Important: You can configure both the Luna Cloud HSM and the Luna HSM only if you are forming an HA Group to allow for High Availability. For more information, see Configuring a Luna HSM HA Group.

Before You Begin 

For the HSM server that you want to connect to Cryptographic Security Platform Vault, make sure you have the following information available:

  • The service client bundle for the HSM. When you create a service client, you will be prompted to download the service client bundle.

  • The HSM partition name and password.

  • A Cryptographic Security Platform Vault account with Security Admin privileges.

Procedure 

  1. Log in to the Cryptographic Security Platform Vault Management webGUI using an account with Security Admin privileges.
  2. In the top right, click the Switch to Appliance Management link.
  3. In the top menu bar, click Settings.
  4. In the System Settings section, click HSM Server Settings.
  5. On the HSM Server Settings page, select Thales Luna HSM from the Type drop-down list and click Configure.
  6. On the Luna HSM Server Settings page, select the Luna Cloud HSM tab and then specify the options you want to use for the HSM server.

    | Field | Description |
    |---|---|
    | State | Make sure this field is set to Enabled. |
    | Partition Label or HA Group Name | Enter the partition label for the partition on the HSM server that Cryptographic Security Platform Vault will be using. Note: Make sure you enter the partition label and not the partition name in this field. |
    | Crypto Officer (CO) Password | Enter the password for the Crypto Officer (CO). |
    | Service Client Bundle | Click Browse to specify the location of the service client bundle that you downloaded. |
    | Session Timeout | The length of time Cryptographic Security Platform Vault keeps the communication session open with an HSM server. When the session expires, a new session is created with the same timeout value. The default is 30 minutes. |

  7. Click Apply, then click Proceed at the prompt.  
  8. Select Actions > Test Connection to test your connection. You should see a message that says the HSM connection is OK.