HSM Integration

The vESKM or ESKM L2 appliance can be integrated with the Utimaco CryptoServer LAN
Hardware Security Module (HSM), a special “trusted” network computer that performs
a variety of cryptographic operations such as key management, key exchange, and encryption.
The HSM:

  • Is built on top of specialized hardware.

  • The hardware is well-tested and certified in Utimaco's special laboratories.

  • Has a security-focused OS.

  • Has limited access via a network interface that is strictly controlled by internal rules.

  • Actively hides and protects cryptographic material.

To configure the HSM integration in ESKM, perform the following steps:

  1. Log in to the ESKM Management Console.

  2. Select the Device tab.

  3. In Device Configuration, click HSM Integration.

  4. The HSM Integration dashboard is displayed.


HSM Integration Dashboard

  5. Click Add New HSM.

  6. Enter the required information in the configuration form:


Add New HSM

  • Enter a name to identify the HSM.

  • Enter the IP address of the HSM.

  • Enter the communication port.

  • Enter the Crypto User name configured on the HSM.

  • Enter the password associated with the Crypto User.

  • Upload the corresponding key file.

  7. Click Add HSM to register the HSM.


HSM Added (Not Enrolled)

  8. Initially, the HSM is not enrolled. Click the 3 dots and then enroll to enroll the HSM and make it available.



HSM Added and Available

The new HSM is now successfully added.

Please refer to the “CryptoServer” documentation to create the HSM users.

It is recommended to enroll 2 HSMs for redundancy. An ESKM supports
a maximum of 4 HSMs.