- Newest
- Most votes
- Most comments
If you're using AWS services, integrate them with AWS Key Management Service, and then KMS integrates with CloudHSM as a custom key store.
Integrating AWS services with KMS (Access controls, IAM, etc): https://docs.aws.amazon.com/kms/latest/developerguide/control-access.html
Custom key store: https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html
Thanks Dan. I am writing a knowledge base article on CloudHSM at work and want to leave KMS out of the article if I can. I was under the impression that you could use CloudHSM on its own without going the KMS route and using custom key store. Theoretically, can you use CloudHSM without Custom Key store, and if so, how do AWS IAM and the crypto users work together to carry out cryptographic functions in your AWS account?
Relevant content
- asked 2 years ago
AWS OFFICIALUpdated 5 months ago- AWS OFFICIALUpdated 4 months ago
- AWS OFFICIALUpdated 3 years ago
- AWS OFFICIALUpdated 3 years ago
Thanks a lot for the quick response. Is it mandatory to use CloudHSM as a custom Key store in order to use it with most AWS services? I have been asked to research CloudHSM only. Can you use CloudHSM on its own? If so, will it work with all AWS services, and how do the services actually connect to CloudHSM?
Can you explain why you wouldn't want to use KMS, while using AWS services? That may help with designing a solution.
You can integrate CloudHSM with many third party secret managers as well: https://docs.aws.amazon.com/cloudhsm/latest/userguide/other-integrations.html
I am not aware of AWS services integrating directly with CloudHSM, except by one hopping via KMS.