Overview: Using Hardware Security Modules (HSM) with Firefly¶

Venafi Firefly integrates with Hardware Security Modules (HSMs) to securely generate, store, and manage cryptographic keys for signing operations. This integration enhances the security and compliance of your cryptographic operations by leveraging HSMs' tamper-evident and tamper-resistant features.

Features and benefits¶

• Enhanced Security: Integrating Firefly with HSMs ensures compliance with rigorous security standards like FIPS 140-2 and Common Criteria. This setup maintains the integrity and confidentiality of your cryptographic operations.
• Centralized Key Protection: Using HSMs with Firefly centralizes the protection of signing keys, ensuring these critical assets are securely stored and managed, thereby reducing the risk of exposure and unauthorized access.
• Compliance: Leveraging HSMs with Firefly helps organizations meet regulatory and compliance requirements for secure key management.

Audience and use cases¶

• PKI Administrators: Individuals responsible for managing cryptographic keys and ensuring the security of signing operations within an organization.
• Enterprises: Organizations requiring high assurance for the protection of signing keys, especially in regulated industries like finance and healthcare.

Requirements and compatibility¶

To integrate HSMs with Firefly, you will need:

• HSM Device: An HSM device with a supported PKCS#11 interface. Currently, we support Luna Network HSM.
• Client Software: HSM client software installed on the host or container where Firefly will be running.
• Configuration Access: Ability to configure the config.yaml file for Firefly and the Control Plane SubCA provider settings.

Next steps¶

To get started with integrating HSMs with Firefly, see details for setting up HSM with Firefly.

Related links¶

• FireFly config.yaml file reference
• SubCA provider configuration