Your suggested change has been received. Thank you.

Suggest A Change

Thank you! Your suggestion has been submitted.

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

There are some errors in your form.

Your Name This field is required

Your Email This field is required

How can we improve this content? This field is required

ProtectServer 3 HSM and ProtectToolkit 7
ProtectServer 2 HSM and ProtectToolkit 5
ProtectServer 3 HSM Integration Guides

All

All

HashiCorp Vault

Overview

ProtectServer 3 HSM Integration Guides
Apache Tomcat
- Overview
- Getting started
- Generating a new SSL certificate and key on a ProtectServer 3 HSM
CyberArk Vault
- Overview
- Getting started
- Generating a CyberArk Vault server key on a ProtectServer 3 HSM
- Migrating an existing CyberArk Vault server key to a ProtectServer 3 HSM
HashiCorp Vault
- Overview
- Getting started
- Configuring HashiCorp Vault
- Rotating HashiCorp Vault Keys
Microsoft Active Directory Certificate Services (ADCS)
- Overview
- Getting started
- Installing Microsoft ADCS on Windows Server using SafeNet KSP
- Enrolling the certification authority certificate
- Archiving the CA key
- Performing a key recovery
Microsoft Online Certificate Status Protocol (OCSP)
- Overview
- Getting started
- Setting up an enterprise root certificate authority
- Installing the Online Responder service
- Configuring CA to issue OCSP response signing certificates
- Creating a revocation configuration
- Verifying auto-enrollment
- Validating OCSP integration
- Troubleshooting
OpenSSL
- Overview
- Getting started
- Configuring OpenSSL and GemEngine for a ProtectServer 3 HSM
Oracle Database Transparent Data Encryption (TDE)
- Overview
- Getting started
- Granting the Oracle Database access to the PKCS#11 library
- Configuring a master encryption key for HSM-based encryption
- Verifying that the master encryption key is encrypting the database

Was this document helpful? Yes No

Feedback Sent!

If you like, you can provide additional feedback.

Home
ProtectServer 3 HSM Integration Guides
HashiCorp Vault
Overview

Overview

HashiCorp's Vault Enterprise HSM binary can use an HSM to perform the following:

Master Key Wrapping: Vault protects its master key by transiting it through the HSM for encryption rather than splitting into key shares.
Automatic Unsealing: Vault stores its HSM-wrapped master key in storage, allowing for automatic unsealing.
Seal Wrapping: Provides FIPS key storage conforming functionality for Critical Security Parameters.
Entropy Augmentation: Vault leverages HSM for augmenting system entropy via the PKCS#11 protocol.

This document describes how to store the Vault encryption key on a ProtectServer 3 HSM and leverage the HSM for entropy augmentation.

The benefits of securing the keys with a ProtectServer 3 HSM include:

Secure generation, storage, and protection of the encryption keys on FIPS-validated hardware.
Full life-cycle management of the keys.

On this page

ProtectServer HSM and ProtectToolkit

© Copyright 2019-2024, Thales Group
Last Updated: 2024-11-05 11:15:59

+1 410-469-1651 supportportal.thalesgroup.com

Support
- Document Conventions
- Support Contacts
Legal

© Copyright 2019-2024, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com