Managed HSM
Definition
A Managed Hardware Security Module (HSM) is a cloud-based service that provides cryptographic key management and operations within a secure, tamper-resistant hardware environment. Managed HSMs are designed to meet stringent security standards, offering features such as key generation, encryption, decryption, and digital signing, while ensuring that cryptographic keys are protected and managed according to best practices. These services are typically integrated with cloud platforms, allowing for seamless scalability and management.
Secure Settings Example
# Azure Key Vault Managed HSM configuration example
accessPolicies:
- tenantId: "your-tenant-id"
objectId: "your-object-id"
permissions:
keys:
- get
- create
- delete
- encrypt
- decrypt
- sign
- verify
- wrapKey
- unwrapKey
networkAcls:
defaultAction: Deny
bypass: AzureServices
ipRules:
- value: "192.168.1.0/24"
- value: "203.0.113.0/24"
Insecure Settings Example
# Azure Key Vault Managed HSM configuration with insecure settings
accessPolicies:
- tenantId: "your-tenant-id"
objectId: "your-object-id"
permissions:
keys:
- all # Overly permissive access
networkAcls:
defaultAction: Allow # Allows all traffic by default
bypass: None
ipRules: [] # No IP restrictions