Hardware security module integration with Azure VMs

Vishnu Anand 40 Reputation points
2024-05-24T03:10:23.81+00:00

Is there any option available to connect a physical Hardware Security Module (HSM) to an Azure VM, or is the only option to use the Dedicated HSM in the Azure portal?

Azure Dedicated HSM
Azure Dedicated HSM
An Azure service that provides hardware security module management.
27 questions
0 comments No comments
{count} votes

Accepted answer
  1. Prrudram-MSFT 22,931 Reputation points
    2024-05-24T06:06:53.0333333+00:00

    Hi @Vishnu Anand

    Thank you for reaching out to the Microsoft Q&A platform.

    There is no direct option available to connect a physical Hardware Security Module (HSM) to an Azure VM. To connect a physical Hardware Security Module (HSM), you have to use the Azure Dedicated HSM service. This service provides a physical device for sole customer use with complete administrative control and management responsibility. The device made available is a Thales Luna 7 HSM model A790. Microsoft will have no administrative access once provisioned by a customer, beyond physical serial port attachment as a monitoring role. As a result, customers are responsible for typical operational activities including comprehensive monitoring and log analysis.
    Ref: https://learn.microsoft.com/en-us/azure/dedicated-hsm/overview

    Alternatively, you can use Azure Key Vault to store and manage cryptographic keys and secrets. Azure Key Vault supports HSM-protected keys, which are stored in FIPS 140-2 Level 2 validated HSMs. This provides an additional layer of protection for your keys and secrets.
    Ref: https://learn.microsoft.com/en-us/azure/key-vault/keys/hsm-protected-keys

    If I have answered your query, please click "Accept as answer" as a token of appreciation


0 additional answers

Sort by: Most helpful