Key Management Service (KMS)
CloudHSM for HashiCorp Vault Enterprise
Managed hardware security module (HSM) for HashiCorp Vault Enterprise
This service uses CloudHSM Economy to store and manage your cryptographic keys for HashiCorp Vault Enterprise. Vault can be securely unsealed using cryptographic keys stored in the HSMs.
How it works
Benefits and features
Root key wrappingVault protects its root key by transiting it through the HSM for encryption rather than splitting into key shares. |
Automatic unsealingVault stores its HSM-wrapped master key in storage, allowing for automatic unsealing. |
Seal wrappingThis mechanism allows to wrap values with an extra layer of encryption for supporting seals. This adds an extra layer of protection and is useful in some compliance and regulatory environments, including FIPS 140-2 environments. |
Entropy augmentationHigh entropy allows for the generation of strong cryptographic keys by increasing randomness and unpredictability. |
Related services
CloudHSM for Amazon Web Services (AWS)
A managed service with an External Key Store (XKS) Proxy to be integrated with Amazon Web Services (AWS).
CloudHSM Blockchain
A fully managed HSM to protect your cryptocurrency operations within your blockchain infrastructure
CloudHSM for OpenSSL
A managed HSM service to store and manage the private keys associated with your SSL/TLS certificates.
Getting started
Pricing
You pay a monthly fee for each HSM in your account. Rates vary by Region. You can view these at
The HashiCorp Vault Enterprise license fee is not included.