Security Module with HSM (Physical and Cloud)

Supported HSM Providers

Physical HSM Providers

• Utimaco HSM

• Thales HSM

• Generic HSM - (Any PKCS#11 complaint HSM)

Cloud-Hosted HSM Providers

• AWS Cloud HSM

• Azure Cloud HSM

Enable Security Module with HSM

Follow these steps to enable HSM integration:

• Navigate to Platform Configuration → System → Security Module

• Select HSM (Physical or Cloud).

• Select the vendor from the dropdown and enter the required provider details.

• Enter the username configured in HSM configuration.

• Enter the corresponding password configured against username in HSM.

• Select encryption algorithm from drop-down based on HSM configuration.

• Specify the key type of encryption (e.g., AES OR RSA).

• Enter the unique identifier of the Key ID or Key Name based on HSM configuration.

• Specify the DLL Path of PKCS#11 Dynamic Link Library based on HSM client installation.

• Enter the slot ID based.

• Enable the Status and click Save.

• In the confirmation popup, click Yes to proceed.

Result:

• Sectona Security Platform secures encryption key using the configured HSM provider.

• The application restarts automatically.

Disable Security Module with HSM

Follow these steps to disable HSM configuration:

• Navigate to Platform Configuration → System → Security Module

• Change status to inactive/disabled.

• Confirm the action by saving updated configuration.

Result:

• The application restarts automatically.

HSM is Unavailable

If the HSM becomes unavailable, Sectona Security Platform cannot decrypt encryption key. This lead to failure in starting system and system becomes unavailable for admin and end user.

How to Restore Access:

Option 1: Restore from Backup (Recommended)

• Retrieve the backup Application Configuration file.

• Replace the current configuration file.

Option 2: Manual Recovery

• Open the Application Configuration file.

• Set IsSecurityModuleEnabled=False

• Restore the Encryption Key from the backup file.