Your suggested change has been received. Thank you.

Suggest A Change

Thank you! Your suggestion has been submitted.

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

There are some errors in your form.

Your Name This field is required

Your Email This field is required

How can we improve this content? This field is required

Free Registration
- Explore Thales Docs

Accounts
Services
Technical Resources
DPoD APIs

All

All

payShield Cloud HSM Service

HSM Deprovisioning

Services
Luna Cloud HSM Services
Luna Cloud HSM Service Integrations
CipherTrust Key Management Services
- Key Broker for Salesforce
  - Adding a Key Broker for Salesforce Service
  - Managing a Key Broker for Salesforce Service
  - Setting a Rotation Policy
  - Migrating Key Broker for Salesforce to CipherTrust Data Security Platform as a Service
- Key Broker for Google Cloud EKM
  - Service Guide
  - Key Setup Guide
  - Key Use Guide
  - Frequently Asked Questions
  - Migrating Key Broker for Google Cloud EKM to CipherTrust Data Security Platform as a Service
- CipherTrust Data Security Platform as a Service
payShield Cloud Services
- payShield Cloud HSM Service
  - Service Overview
  - Prerequisites
  - Getting Started
    - payShield Cloud HSM Configuration/Subscription Options
    - How to Subscribe to the payShield Cloud HSM Service
  - Service Specifications
  - Connecting to the payShield Cloud HSM Service
    - Azure Connection Guide
    - GCP Connection Guide
    - AWS Connectiontion Guide
  - Service Provisioning from DPoD Platform
    - Trial Tier Provisioning
    - Production Tier Provisioning
    - View Sevice Status
  - HSM Management using payShield Manager
    - Preparing for HSM Commission
    - Steps to Commission payShield Manager
    - Adding Another HSM to the Security Domain
    - Transitioning between HSM States via payShield Manager
    - Viewing Network Interfaces in payShield Manager
  - HSM Deprovisioning
  - APPENDIX A - Glossary
  - APPENDIX B - DPoD Errors
- Point-to-Point Encryption
  - Adding a Point-to-Point Encryption Service
  - Using the service
  - P2PE CLI
    - p2pe key
    - p2pe service
    - p2pe tls
  - P2PE REST API
  - P2PE errors
  - Service Details
  - Frequently Asked Questions
Partner Services

Was this document helpful? Yes No

Feedback Sent!

If you like, you can provide additional feedback.

DPoD Documentation
Services
payShield Cloud Services
payShield Cloud HSM Service
HSM Deprovisioning

HSM Deprovisioning

Device Release

When access to your cloud HSM subscription is no longer required, you can relinquish control of the HSM in question using the following process in payShield Manager.

“Release device” is only allowed in Secure state.

Log in to the payShield Manager using your HSM Management port IP address.
Click State to change the state to Secure from the bottom right corner.

To switch to Secure state, the user must login with both Left and Right cards.
Click the Configuration tab on the top bar to view the configuration setting of the payShield Manager.
Select Load/Save Settings.
Click Release Device to acknowledge the release of the device.

When “Release Device” button is pressed:
- A popup dialog is displayed for you to acknowledge release of the device
- Following the acknowledgement:
  - all your data is erased
  - all of your logs are erased
  - your specific security settings are reset to Thales defaults
  - host interface settings are reset to Thales defaults
  - your management interface settings are reset to Thales defaults
  - provisioning state is changed to “DataCenter”
  - and the unit is rebooted
Note that the aux interface settings and Thales settings are not impacted.
Click OK to release the payShield HSM.

De-provision Service from DPoD Platform

Pre-requisite: payshield must be released from payshield manager UI before it can be de-provisioned from the DPoD marketplace.

Deleting a payShield Cloud HSM Service will destroy all cryptographic material on any associated partitions and will revoke access from any clients bound to the service.

Tenant Administrators and Application Owners can deprovision services using the DPoD tenant. To delete a service, you must be a member of the Subscriber Group that the service belongs to.

Follow the steps below to de-provision a payShield Cloud HSM service:

Navigate to the My Services list from the services tab.
Find the service you would like to delete. You can filter and sort on service name, type and creation date.
Click the trash can icon in the service's row.
Enter the service's name in the confirmation dialog and click Delete.

On this page

DPoD Documentation

© Copyright 2019-2025, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com

Services
Support
Legal

© Copyright 2019-2025, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com