Cloud HSM with Key Export Guide
Luna Cloud HSM with Key Export is a unique Luna Cloud HSM Service offering that gives users remote access to a Hardware Security Module (HSM) partition that supports private key export. It allows users to export private keys from the partition to an encrypted file for off-board storage or use. This section contains the following material for using the Luna HSM Backup with an on-premises Luna HSM.
Key exporting guides
To begin exporting keys, refer to the following documents:
Adding and configuring the service
To deploy the Luna Cloud HSM with Key Export service, select the Luna Cloud HSM with Key Export tile in the DPoD platform and follow the instructions described in Adding a Luna Cloud HSM Service and Configuring the Service Client.
Advisory content
A Luna Cloud HSM with Key Export service has the following capabilities and restrictions:
- Private keys cannot be cloned to other Luna Cloud HSM Services, Luna Network HSMs, or Luna Backup HSMs.
- The partition cannot be part of an HA group (private keys will not be replicated).
- All keys/objects, including private keys, can be wrapped off the HSM (that is, exported to a file encrypted with a wrapping key).
Luna Cloud HSM with Key Export is useful when generating key pairs for identity issuance, where transient key pairs are generated, wrapped off, and embedded on a device. These key pairs are not used on the HSM; they are generated and issued securely, and then deleted from the HSM.
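
The generate, wrap off, delete flow described above can be modelled in software. This is an added example, not Thales code or the Luna client API: it uses the Python `cryptography` package, and the function names are hypothetical. It assumes AES Key Wrap with Padding (RFC 5649) as the wrapping mechanism and a P-256 key pair as the issued identity key. On the service the wrap is performed inside the HSM partition; here it is only simulated in process memory.

```python
# Added example: software model of the "generate, wrap off, delete" flow.
# Assumption: RFC 5649 AES Key Wrap with Padding stands in for the HSM's
# wrapping mechanism; function names are hypothetical.
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.keywrap import (
    InvalidUnwrap,
    aes_key_unwrap_with_padding,
    aes_key_wrap_with_padding,
)


def issue_wrapped_keypair(wrapping_key: bytes):
    """Generate a transient EC key pair; return (wrapped_private, public_pem)."""
    private_key = ec.generate_private_key(ec.SECP256R1())
    pkcs8 = private_key.private_bytes(
        encoding=serialization.Encoding.DER,
        format=serialization.PrivateFormat.PKCS8,
        encryption_algorithm=serialization.NoEncryption(),
    )
    public_pem = private_key.public_key().public_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PublicFormat.SubjectPublicKeyInfo,
    )
    # The wrapped blob is what gets written to the export file.
    wrapped = aes_key_wrap_with_padding(wrapping_key, pkcs8)
    # Model of "deleted from the HSM": drop the plaintext references.
    del private_key, pkcs8
    return wrapped, public_pem


def unwrap_on_device(wrapping_key: bytes, wrapped: bytes):
    """Recover the private key where the wrapping key is held.

    Returns None if the integrity check fails (wrong wrapping key or a
    modified blob), so a corrupted export is rejected instead of loaded.
    """
    try:
        pkcs8 = aes_key_unwrap_with_padding(wrapping_key, wrapped)
    except InvalidUnwrap:
        return None
    return serialization.load_der_private_key(pkcs8, password=None)
```

The exported file is only as well protected as the wrapping key, so the wrapping key needs its own storage and access controls separate from the wrapped blobs.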