The Azure Cloud HSM Client SDK is a robust tool designed for secure management of cryptographic keys in a cloud environment. It caters to businesses requiring high security and compliance with FIPS 140-3 Level 3 standards, ensuring that your sensitive data is protected against unauthorized access.
Key Features:
FIPS 140-3 Validation: Cryptographic operations are performed inside a FIPS 140-3 Level 3 validated HSM.
Administrative Control: Provides full control over HSMs, allowing customization to meet specific security needs.
Versatile Applications: Supports a range of applications including PKCS#11, SSL/TLS offloading, and transparent data encryption.
Compliance Assurance: Meets industry standards, making it suitable for regulated environments.
Audience & Benefits:
Ideal for enterprises needing secure key management and compliance with strict regulations. The SDK enhances security by providing a single-tenant HSM service, streamlines application migration to Azure, and supports certificate storage via PKCS#11. It can be installed via winget, ensuring ease of deployment across supported platforms.
This solution is perfect for organizations looking to migrate applications securely from on-premises or other cloud services, offering a compliant and efficient cryptographic environment.
README
Microsoft Azure Cloud HSM SDK
Microsoft Azure Cloud HSM is a highly available, FIPS 140-3 Level 3 validated single-tenant HSM service that is compliant with industry standards. Azure Cloud HSM grants customers complete administrative authority over their Hardware Security Module (HSM). It provides a secure, customer-owned HSM cluster for storing cryptographic keys and performing cryptographic operations. It is the ideal solution for customers who require FIPS 140-3 Level 3 validated Hardware Security Modules and support for a variety of applications, including PKCS#11, SSL/TLS processing offload, certificate authority private key protection, transparent data encryption, and document and code signing.
SUPPORTED SCENARIOS
Microsoft Azure Cloud HSM is most suitable for the following types of scenarios:
Migrating applications from on-premises to Azure Virtual Machines.
Migrating applications from Azure Dedicated HSM or AWS Cloud HSM.
PKCS#11, OpenSSL, JCA/JCE, CNG/KSP
ADCS (Active Directory Certificate Services)
SSL/TLS Offloading (Apache/Nginx)
MSSQL/Oracle TDE (Transparent Data Encryption)
Document/File/Code Signing
Azure Cloud HSM supports certificate storage via PKCS#11. The Azure Cloud HSM PKCS#11 library supports storing public key certificates as public objects, in accordance with PKCS#11 v2.40. This capability is available starting with SDK version 2.0.2.0 and enables both public and private PKCS#11 sessions to create, retrieve, modify, and delete certificate objects.
NOT SUPPORTED
Microsoft Azure Cloud HSM does not integrate with other PaaS/SaaS Azure services. Azure Cloud HSM is IaaS only.
Microsoft Azure Cloud HSM is not a good fit for the following types of scenarios: Microsoft Cloud services that require support for encryption with customer-managed keys (such as Azure Information Protection, Azure Disk Encryption, Azure Data Lake Store, Azure Storage, and Customer Key for Office 365). For those scenarios, customers should use Azure Managed HSM.
Azure Cloud HSM is not a bare-metal HSM appliance.
Azure Cloud HSM is not a secret store.
Azure Cloud HSM is not a certificate lifecycle management offering.