CloudHSM
Definition
CloudHSM (Hardware Security Module) is a cloud-based service that provides dedicated hardware security modules to manage cryptographic keys and perform cryptographic operations. It is designed to enhance security by offloading cryptographic tasks to a dedicated hardware device, ensuring that sensitive key material is protected from exposure. CloudHSM is often used to meet compliance requirements and secure applications by providing a high level of assurance for key management and cryptographic operations.
Secure Settings Example
# Example configuration for AWS CloudHSM
hsm:
clusterId: "cluster-1a2b3c4d"
subnetIds:
- "subnet-12345678"
securityGroupIds:
- "sg-12345678"
hsmType: "hsm1.medium"
enableAutomaticBackup: true
logging:
cloudwatch:
enabled: true
logGroup: "/aws/cloudhsm/logs"
retentionInDays: 90
Insecure Settings Example
# Example of insecure CloudHSM configuration
hsm:
clusterId: "cluster-1a2b3c4d"
subnetIds:
- "subnet-12345678"
securityGroupIds:
- "sg-12345678"
hsmType: "hsm1.medium"
enableAutomaticBackup: false # Backups are disabled, risking data loss
logging:
cloudwatch:
enabled: false # Logging is disabled, reducing auditability