Skip to main content

AWS CloudHSM

PLATFORM

The integration is delivered as an in-product capability to Certificate Manager, Self-Hosted and CodeSign Protect. To enable it, you only need to perform prescribed configurations within TLS Protect and CodeSign Protect with the information related to your AWS CloudHSM. Venafi platform provides you the control plane for managing, orchestrating, and automating the processes around all machine identities across the organization. It provides an industry approval level of security for sensitive materials such as private keys, the protection is done through software. However, many organizations in certain industries are required to provide a level of security that can only be provided by hardware security modules due to many reasons regulatory requirements. This integration with AWS ClouHSM enables you to entrust the safeguarding of the most sensitive key materials for machine identities to HSMs while allows Certificate Manager to automate the processes involve machine identities and provide governance and visibility to them across your organization. With the added deployment speed and efficiency of an on-demand service, AWS CloudHSM provides a cloud-based HSM service with zero upfront capital investment. AWS CloudHSM enables you to easily generate and use your own encryption keys on the AWS Cloud. With CloudHSM, you can manage your own encryption keys using FIPS 140-2 Level 3 validated HSMs. CloudHSM offers you the flexibility to integrate with your applications using industry-standard APIs, such as PKCS#11, Java Cryptography Extensions (JCE), and Microsoft CryptoNG (CNG) libraries. This integration is supported since Certificate Manager, Self-Hosted v21.1. WHO WILL BENEFIT Any organization with both Certificate Manager and Entrust nShield HSMs deployed should take advantage of this integration to connect the two systems to reduce overall cybersecurity risks the organization faces. Any organization that needs to meet the regulatory and compliance requirements on data security should consider putting in place these two systems and connect them with this integration.
ADDITIONAL RESOURCES

  • Integration Vendors List for CloudHSM: https://docs.aws.amazon.com/cloudhsm/latest/userguide/other-integrations.html
  • Recommendation for Key Management: part 2 – Best Practices for Key Management Organizations. NIST.SP.800-57pt2r1 ABOUT AWS CloudHSM CloudHSM is standards-compliant and enables you to export all of your keys to most other commercially-available HSMs, subject to your configurations. It is a fully-managed service that automates time-consuming administrative tasks for you, such as hardware provisioning, software patching, high-availability, and backups. CloudHSM also enables you to scale quickly by adding and removing HSM capacity on-demand, with no up-front costs.

Certificate Manager, Self-Hosted is the product formerly known as Venafi Trust Protection Platform