Azure Dedicated HSM
An Azure service that provides hardware security module management.
25 questions
2 answers
Azure Dedicated HSM FIPS 140-2 Level 3 Proof
Our auditor is requesting the FIPS CMVP certificate that is used in the Azure Dedicated HSM. Can you provide us the certificate?
asked 2024-02-16T16:01:42.9133333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(220.8, 92%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Sridharan, Sidhartha
10
Reputation points
commented 2024-02-28T21:55:15.67+00:00
JamesTran-MSFT
36,361
Reputation points Microsoft Employee
2 answers
One of the answers was accepted by the question author.
Why Azure Managed HSM doesn't trust Azure Resource Manager.
Hi "Azure Managed HSM doesn't trust Azure Resource Manager by default. However, for environments where such risk is an acceptable tradeoff for the ease of use of the Azure portal and template deployments, Managed HSM offers a way for an…
asked 2024-01-31T13:55:10.36+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 16%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGH%3C/text%3E%3C/svg%3E)
Glenn Hunter
105
Reputation points Microsoft Employee
commented 2024-02-09T22:01:03.1766667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Marilee Turscak-MSFT
33,706
Reputation points Microsoft Employee
1 answer
Is there a plan to use HSMs with a valid FIPS certificate that is not historical for HSM protected key vaults?
This Microsoft link shows that the HSM protected key vault uses HSMs with certificates that are historical. Key Vault service uses a mix of Thales nShield F2 6000+ and Marvell LiquidSecurity HSM cards in the backend for HSM functionality. They are…
asked 2023-05-08T20:23:21.9466667+00:00
Sridharan, Sidhartha
10
Reputation points
commented 2024-02-01T20:43:40.93+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 57.99999999999999%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHC%3C/text%3E%3C/svg%3E)
Harry, Christopher
20
Reputation points
2 answers
One of the answers was accepted by the question author.
I deleted an HSM in KeyVault but I'm still paying for it
Hi, One month ago, I created by mistake an HSM then removed it. Yesterday I got a recommendation saying that I don't have a backup for this resource. When clicking on the resource it says that the resource doesn't exist. In the activity log I can see…
asked 2023-08-10T13:01:07.94+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(288, 14.000000000000002%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM3%3C/text%3E%3C/svg%3E)
MichelMassaro-3126
20
Reputation points
commented 2024-01-10T13:58:20.89+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(265.6, 66%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVS%3C/text%3E%3C/svg%3E)
Veronica Segura
0
Reputation points Microsoft Employee
0 answers
About SDK information for Azure Dedicated HSM
We are considering using Azure Dedicated HSM. Is it possible to implement it in Java? If possible, could you please provide the SDK? Sincerely,
asked 2023-08-31T11:05:31.71+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 63%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
宮越 一稀
0
Reputation points
commented 2023-09-05T22:42:22.5266667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 59%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
ChaitanyaNaykodi-MSFT
22,216
Reputation points Microsoft Employee
1 answer
Azure Dedicated HSM - custom cipher algorithm
We want to deploy a cloud data encryption service for symmetric encryption. We use our custom proprietary block cipher algorithm. Is there a way to use our own symmetric cipher code with Azure Dedicated HSM secure key storage and encryption service?
asked 2023-08-22T16:46:35.75+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(185.6, 68%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDD%3C/text%3E%3C/svg%3E)
Darhani, David
0
Reputation points
commented 2023-08-29T16:30:03.4633333+00:00
JamesTran-MSFT
36,361
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
I deleted an HSM key vault, but I’m so far unable to purge that through PowerShell, please help!
Hi, I could really use assistance with purging an “HSM key vault” that I added to my Azure portal last week. I created the “HSM key vault” as part of an online video lesson I was going through, in preparation for the AZ-104 exam. However, I’ve been…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 10%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
0 answers
Managed HSM didn't deploy successfully. Can't delete it and it's maxing out my monthly subscription allowance
Hey there. I tried to add a Managed HSM to my subscription and it didn't deploy properly. Now I can't delete it yet it seems to be running and using up my monthly subscription allowance. I can't even log a service/bug request with Microsoft as it's…
asked 2023-08-10T15:08:49.79+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(227.2, 96%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
Marcus Serrao
1
Reputation point
commented 2023-08-14T11:53:24.6433333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 78%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESG%3C/text%3E%3C/svg%3E)
Sandeep G-MSFT
14,241
Reputation points Microsoft Employee
4 answers
One of the answers was accepted by the question author.
Difference- HSM protected keys in Vaults (VS) HSM-protected keys in Managed HSM
While creating Azure VMs, we can keep the SSE encryption keys using Customer Managed Keys. We have 2 options when storing these CMK keys in HSM namely ( i know azure keyvault software based also supports CMK, but that is not my question . Mine is…
asked 2023-02-27T12:55:45.9466667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(96, 71%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
MS Techie
2,676
Reputation points
answered 2023-08-11T04:35:22.1333333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(185.6, 39%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESK%3C/text%3E%3C/svg%3E)
Senthil Kumar Thangarajan
0
Reputation points
0 answers
How to solve error "One of the specified key operations is not supported" in Azure Key Vault HSM Managed
Dear community, on my Azure Key Vault HSM Managed resource, I am trying to generate a 128bit AES-HSM key but I got the following error: "One of the specified key operations is not supported" What does it mean? How can I solve? Thank You
asked 2023-07-13T11:45:44.3566667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(265.6, 54%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFF%3C/text%3E%3C/svg%3E)
Fausto Filippi
0
Reputation points
commented 2023-07-14T22:22:22.61+00:00
Marilee Turscak-MSFT
33,706
Reputation points Microsoft Employee
2 answers
How to grant permissions to imported keys in Azure Key Vault Managed HSM
Hey folks, Your advice is highly appreciated. I'm having trouble with granting permissions to Imported rsa keys in Azure Managed HSM. I wish to use our own generated RSA keys for PostgreSQL flexible server for Data encryption in Azure. What have I done…
asked 2023-06-08T17:55:42.9933333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(160, 2%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERS%3C/text%3E%3C/svg%3E)
Raul Siim
0
Reputation points
commented 2023-06-19T18:41:48.91+00:00
JamesTran-MSFT
36,361
Reputation points Microsoft Employee
0 answers
How to import a wrapped private key in the Azure Managed HSM?
I have received a wrapped (encrypted) and base 64 encode of the key as a json format. I want to import this key into the Azure Managed HSM. I tried to do so but facing two issues - Not able to convert the wrapped key to the desired file format and…
asked 2023-06-07T15:10:30.0733333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(0, 43%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAP%3C/text%3E%3C/svg%3E)
Abhishek Paul
0
Reputation points
commented 2023-06-08T01:18:47.42+00:00
Marilee Turscak-MSFT
33,706
Reputation points Microsoft Employee
1 answer
What CA signs certificates when using Azure Key Vault with HSM to generate & store application PKI keys and certificates?
Hi. Can anyone tell me what CA is used when I generate keys and get them signed within the Azure Key Vault? Also, do I have the ability to stand up a subordinate CA in Azure, leveraging Azure Key Vault with HSM to store my CA keys and where the sub CA…
asked 2023-04-04T16:36:47.7366667+00:00
Marcus Serrao
1
Reputation point
commented 2023-05-08T03:49:56.4266667+00:00
Akshay-MSFT
16,026
Reputation points Microsoft Employee
3 answers
What options are there for HSM on Azure Stack HCI?
Can i use managed HSM on Azure Stack HCI? Could it be a third party HSM? Thanks!
asked 2023-01-04T20:24:36+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(220.8, 26%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJR%3C/text%3E%3C/svg%3E)
Jaime Rodriguez
1
Reputation point
answered 2023-02-27T08:26:11.7+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 78%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMG%3C/text%3E%3C/svg%3E)
Martin Gammelgård Rasmussen
0
Reputation points
1 answer
Is keyvault and keyvault HSM similiar from code perspective?
Hi I wonder whether getting certificates from KeyVault in c# is any different (do I need to use the same api, same integration nugets) from getting certificates from KeyVault based on HSM? thanks Michal
asked 2022-10-12T11:48:49.077+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 47%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
Michal Szilder
1
Reputation point
commented 2022-10-25T03:53:52.567+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
Givary-MSFT
27,486
Reputation points Microsoft Employee
0 answers
PKCS #7 xml signing capabilities in Azure Key Vault Managed HSM
Hello, We have a client who is using an on prem hardware HSM to sign XML documents using PKCS #7 (RFC 2315) compliant signatures. It looks like the Managed HSMs in Azure recently changed from Thales Luna devices, which should support that capability,…
asked 2022-05-26T23:08:03.463+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 84%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EE%3C/text%3E%3C/svg%3E)
ericleigh007
1
Reputation point
commented 2022-05-31T14:09:34.89+00:00
Siva-kumar-selvaraj
15,546
Reputation points
2 answers
Creation of HSM Keyvault failed with ServiceUnavailable (powershell) or Capacity check failed (az cli)
Since a couple of days I'm unable to create a HSM Keyvault. I've got a powershell script which I've run successfully untill last monday. In this script I do an: New-AzKeyVaultManagedHsm -Name $name -ResourceGroupName $resourceGroup -Location…
asked 2022-04-28T14:46:19.11+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 39%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERK%3C/text%3E%3C/svg%3E)
Rutger Kars
1
Reputation point
commented 2022-05-12T04:24:29.157+00:00
Siva-kumar-selvaraj
15,546
Reputation points
3 answers
How many HSMs do we need?
Hi, We are building a new PKI, and will use HSMs for the root and issuing CAs. We are seeing advice (on forums, and from Microsoft support and Thales) that the HSMs need high availability, and so will need at least two, and that we should use at…
asked 2022-03-14T12:13:34.457+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(160, 43%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENR%3C/text%3E%3C/svg%3E)
NOBLE Robert
1
Reputation point
answered 2022-03-22T08:13:14.747+00:00
Vadims Podāns
8,866
Reputation points MVP
1 answer
Can we get the Azure activity directory and HSM metrics data ?
Hi , We have our own internal resource monitoring tool for monitoring the cloud resources, and now we are trying to integrate the Azure AD and HSM services but there is no metrics are available to these services. is there anyway can we get the metrics…
asked 2021-11-15T07:20:28.947+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 1%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
saravanakumar M
1
Reputation point
answered 2021-11-17T00:00:45.287+00:00
JamesTran-MSFT
36,361
Reputation points Microsoft Employee
1 answer
How to import key exchange key in TR-31 format in Azure Key Vault?
The 3rd party, does not have the HSM requirement for using BYOK tool and transfer to us the key for import in Azure Key Vault. They only can transfer the key exchange key in TR-31 format (key exchange block). How can I import this type of key format…
asked 2021-10-08T11:11:11.447+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(297.6, 92%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECS%3C/text%3E%3C/svg%3E)
Carlos Sáez
1
Reputation point
commented 2021-10-17T18:01:07.557+00:00
Carlos Sáez
1
Reputation point