Cloud HSM with Key Export
HSM on Demand with Key Export is a unique Luna Cloud HSM Service offering that gives users remote access to an HSM that supports private key export. It allows users to export private keys from the remote HSM to an encrypted file for off-board storage or use. This section contains the following material for using the Luna HSM Backup with an on-premises Luna HSM.
Key Exporting Guides
To begin exporting keys, refer to the following documents:
Adding and Configuring the Service
To deploy the HSM on Demand with Key Export service, select the HSM on Demand with Key Export tile in the DPoD platform and follow the instructions described in Adding a Luna Cloud HSM Service.
For more information about initializing the service client see Installing a Windows Luna Cloud HSM Service Client or Installing a Linux Luna Cloud HSM Service Client, depending on your operating system.
An HSM on Demand with Key Export service has the following capabilities and restrictions:
- Private keys cannot be cloned to other Luna Cloud HSM Services, Luna Network HSMs, or Luna Backup HSMs.
- The partition cannot be part of an HA group (private keys will not be replicated).
- All keys/objects, including private keys, can be wrapped off the HSM (can be exported to a file encrypted with a wrapping key).
HSM on Demand with Key Export is useful when generating key pairs for identity issuance, where transient key pairs are generated, wrapped off, and embedded on a device. The key pairs are not used on the HSM; they are generated and issued securely, and then deleted from the HSM.