hsm changePw

Change the password or PED key contents for the HSM SO. Both the old and the new PED key are required for multifactor quorum-authenticated HSMs.

From time to time, it might be necessary to change the secret associated with a role on an HSM appliance, a role on a cryptographic module (HSM) or a partition of an HSM, or a cloning domain secret. Reasons for changing credentials include:

>Regular credential rotation as part of your organization's security policy

>Compromise of a role or secret due to loss or theft of a PED key

>Personnel changes in your organization or changes to individual security clearances

>Changes to your security scheme (implementing/revoking M of N, PINs, or shared secrets)

User Privileges

Users with the following privileges can perform this command:

>Admin

Syntax

hsm changePw [-oldpw <password> -newpw <password>]

Argument(s) | Shortcut | Description

-newpw <password> | -n | Specifies the new password that is used as the HSM SO's login credential to the HSM. If the new password is not provided on the command line, you are interactively prompted for the new password, and for confirmation of the new password.

Passwords and activation challenge secrets must be 8-255 characters in length. Spaces are allowed; to specify a password with spaces using command-line options, enclose the password in double quotation marks. The space character may not be used as the first character in a password.

The following characters are allowed:

!#$%'()*+,-./0123456789:=? @ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_abcdefghijklmnopqrstuvwxyz{}~

This character set is enforced when using Luna Appliance Software 7.9.0 or Luna HSM Client 10.8.0 or newer, and recommended for all previous versions. Previously-set passwords and challenge secrets are unaffected, but the new character set is enforced when these passwords are changed.

-oldpw <password> | -o | Specifies the current password for the HSM SO. If the current password is not provided on the command line, the user is interactively prompted for the current password.
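The password rules given above for -newpw can be checked before a rotation is attempted. The following Python sketch is an added example, not part of the Luna documentation or tooling; the function names policy_violations and generate_password are hypothetical, and the sample candidates are constructed.

```python
import secrets
import string

# Allowed set copied from the character list on this page, plus the space
# character, which the page permits anywhere except the first position.
ALLOWED = set("!#$%'()*+,-./:=?@[]^_{}~ " + string.digits + string.ascii_letters)
MIN_LEN, MAX_LEN = 8, 255


def policy_violations(password: str) -> list:
    """Return every documented rule the candidate breaks (empty list = OK)."""
    problems = []
    if not MIN_LEN <= len(password) <= MAX_LEN:
        problems.append(f"length {len(password)} is outside {MIN_LEN}-{MAX_LEN}")
    if password.startswith(" "):
        problems.append("first character is a space")
    rejected = sorted(set(password) - ALLOWED)
    if rejected:
        problems.append(
            "characters not in the allowed set: " + " ".join(map(repr, rejected))
        )
    return problems


def generate_password(length: int = 24) -> str:
    """Draw a random compliant password from the OS CSPRNG (hypothetical helper)."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError("length outside the documented 8-255 range")
    # Spaces are legal but omitted here so the result never needs quoting.
    pool = sorted(ALLOWED - {" "})
    return "".join(secrets.choice(pool) for _ in range(length))


if __name__ == "__main__":
    # Constructed sample candidates, not real credentials.
    samples = [
        "Short1!",
        " leading-space-pw",
        'quote"and;semicolon',
        "Valid pass-phrase_2024",
    ]
    for candidate in samples:
        print(repr(candidate), "->", policy_violations(candidate) or "OK")
    print("generated:", generate_password())
```

Characters such as the double quote, semicolon, ampersand, backslash, pipe, and angle brackets are absent from the documented set, so a password imported from a generic generator can fail here even when its length is valid.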

Example

lunash:>hsm changePw

Please enter the HSM Administrators' current password:
> ********

Please enter a new password for the HSM Administrator:
> ********

Please re-enter password to confirm:
> ********

'hsm changePw' successful.

Command Result : 0 (Success)