The error you're encountering suggests that the CLOUDHSM keystore type is not being recognized by keytool. This could be due to a few reasons:
- Ensure you have the AWS CloudHSM Client SDK installed correctly. The SDK should be in the specified path (/opt/cloudhsm/java/*).
- Make sure you're using the correct version of the AWS CloudHSM Client SDK that matches your keytool version. There are different instructions for Client SDK 3 and Client SDK 5.
- Before running the keytool command, you need to set up the AWS CloudHSM KeyStore. This involves logging into the AWS CloudHSM KeyStore using environment variables or a system property file.
- The CLOUDHSM keystore type needs to be properly registered with Java. This is typically done by modifying the java.security file to include the AWS CloudHSM provider.
- When using keytool with AWS CloudHSM key store, avoid specifying -providerName, -providerclass, or -providerpath options on the command line. These should be specified in the security provider file instead.
- Ensure that you've initialized the HSM cluster and that it's accessible from your environment.
If you've confirmed all these points and are still having issues, you may need to check your Java configuration to ensure it's recognizing the CLOUDHSM keystore type. You might also want to verify that you're using a compatible version of Java with the AWS CloudHSM Client SDK you're using.
Sources
Use AWS CloudHSM key store with keytool using Client SDK 5 - AWS CloudHSM
Use AWS CloudHSM key store with keytool using Client SDK 3 - AWS CloudHSM
AWS CloudHSM KeyStore Java class for Client SDK 3 - AWS CloudHSM
Known issues for AWS CloudHSM integration Java Keytool and Jarsigner using Client SDK 3 - AWS CloudHSM
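
The answer above names the java.security registration as one place to look. The shell function below is an added example, not part of the answer or of AWS's tooling: it checks a java.security file for a provider entry and whether the JDK will reach it, since the JDK reads `security.provider.N` entries in sequence and stops at the first missing number. The match pattern, the sample file and the class name `com.example.CloudHsmProvider` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Exit status: 0 = registered and loadable, 1 = not listed,
# 2 = listed but after a gap in the numbering, 3 = file unreadable.
check_provider_registration() {
    file=$1     # path to java.security (location depends on the JDK install)
    pattern=$2  # assumption: case-insensitive substring of the provider class
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 3; }
    awk -v pat="$pattern" '
        # Only uncommented security.provider.N=... lines count.
        /^[ \t]*security\.provider\.[0-9]+[ \t]*=/ {
            line = $0
            sub(/^[ \t]*security\.provider\./, "", line)
            n = line; sub(/[ \t]*=.*/, "", n)
            v = line; sub(/^[0-9]+[ \t]*=[ \t]*/, "", v)
            entry[n + 0] = v              # a repeated number overrides the earlier line
            if (n + 0 > max) max = n + 0
        }
        END {
            p = tolower(pat)
            # The JDK reads provider 1, 2, 3, ... and stops at the first missing number.
            for (i = 1; (i in entry); i++)
                if (index(tolower(entry[i]), p)) {
                    print "loadable at position " i ": " entry[i]
                    exit 0
                }
            for (j = i; j <= max; j++)
                if ((j in entry) && index(tolower(entry[j]), p)) {
                    print "listed at position " j ", but the list ends at " (i - 1)
                    exit 2
                }
            print "no provider matching \"" pat "\" is listed"
            exit 1
        }' "$file"
}

# Constructed sample: the class name is a placeholder, and position 3 is missing.
sample=$(mktemp)
cat > "$sample" <<'EOF'
security.provider.1=SUN
security.provider.2=SunRsaSign
#security.provider.3=SunEC
security.provider.4=com.example.CloudHsmProvider
EOF
check_provider_registration "$sample" cloudhsm || echo "exit status $?"
rm -f "$sample"
```

A status of 2 means the entry is in the file but the JVM never reads it, so the keystore type that provider supplies stays unavailable to keytool until the numbering is made contiguous.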