CloudHSM Key Hierarchy

In simple terms, what is the key hierarchy in CloudHSM for actually encrypting data. I found this very easily for AWS KMS...... Domain Key > HBK/KMS Key > Data encryption Key (with exportable key tokens in the mix).

I can find no similar explanation in the literature for CloudHSM. I have gone through blogs, user guide, FAQs etc. What's the top key and how does it work it's way down in the envelope process from there. If this can be found in a link it would be great if someone could pass it along. I have been looking for quite some time. Thanks.

Topics

Security, Identity, & Compliance

Relevant content

Oracle on RDS: TDE encryption with master key storage in KMS or CloudHSM
Accepted Answer
Vincent
asked 4 years ago
aws cloudhsm key creation
rePost-User-0114260
asked a year ago
AWS CloudHSM with own keys
Accepted Answer
_PM_
asked 10 months ago
What is KMS Key Material?
Accepted Answer
MiqLab3251
asked 9 months ago
How do I use OpenSSL and the key_mgmt_util command line tool to securely transfer my keys to CloudHSM?
AWS OFFICIALUpdated 3 months ago
How do I share keys with others users to only allow certain crypto functions in CloudHSM?
AWS OFFICIALUpdated 3 years ago
How can I use AWS KMS asymmetric keys to encrypt a file using OpenSSL?
AWS OFFICIALUpdated 2 years ago
Should I use an AWS KMS managed key or a customer managed KMS key to encrypt my objects on Amazon S3?
AWS OFFICIALUpdated 2 years ago
Announcing support for multiple host keys and key types for AWS Transfer Family servers
EXPERT
sagarb-aws
published 2 years ago
AWS Transfer Family announces quantum-safe key exchange for SFTP
EXPERT
AWS
published 10 months ago