Using HSM with KeyControl PASM Vault
You can use an HSM to store your keys more securely.
Important: HSMs must be enabled in the KeyControl Vault Appliance Management webGUI before they can be used in the KeyControl PASM Vault.
To enable HSM:
- Log into the KeyControl PASM Vault webGUI.
- At the top right of the vault page, click the Settings icon.
- On the Settings page, click the HSM tab.
- Click the HSM toggle button to set it to Enabled. This allows you to use the HSM feature in the KeyControl PASM Vault.
- Click Test Connection to verify the connection is working successfully. If not, please contact your HSM administrator.
- Click Enable HSM to enable the HSM connection.
- You will see an Encryption in progress... message while your keys are being encrypted. You do not need to remain on this page until it has finished.
- Optionally update the data encryption key cache timeout values and click Apply.
To modify your HSM settings:
- Log into the KeyControl PASM Vault webGUI.
- At the top right of the vault page, click the Settings icon.
- On the Settings page, click the HSM tab.
- Click the Rekey button to rekey your encrypted data.
  You will see a Rekey in progress... message while the rekey occurs. You do not need to remain on this page until it has finished.
  Note: If the Rekey button is grayed out, click the Test Connection button to refresh.
- Update the data encryption key cache timeout values as needed and click Apply.
To disable the HSM:
- Log into the KeyControl PASM Vault webGUI.
- At the top right of the vault page, click the Settings icon.
- On the Settings page, click the HSM tab.
- Click the HSM toggle button to set it to Disabled.
- Click Disable HSM to disable the HSM connection.
  You will see a Decryption in progress... message while your keys are being decrypted. You do not need to remain on this page until it has finished.