Best practices when using Managed HSM
Control Access to your managed HSM
Managed HSM is a cloud service that safeguards encryption keys. As these keys are sensitive and business critical, make sure to secure access to your managed HSMs by allowing only authorized applications and users. This article provides an overview of the access model. It explains authentication and authorization, and role-based access control.
- Create an Azure Active Directory security group for the HSM administrators (instead of assigning the Administrator role to individuals), to prevent "administration lock-out" if an individual account is deleted.
- Lock down access to your management groups, subscriptions, resource groups and Managed HSMs: use Azure RBAC to control access to your management groups, subscriptions, and resource groups.
- Create per-key role assignments using Managed HSM local RBAC.
- To maintain separation of duties, avoid assigning multiple roles to the same principals.
- Follow the principle of least privilege when assigning roles.
- Create custom role definitions with a precise set of permissions.
- Take regular backups of your HSM. Backups can be taken at the HSM level and for specific keys.
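The access-control practices above can be checked against an exported list of role assignments. The script below is an added example (not Microsoft's code or CLI output) that flags an Administrator role held by an individual rather than a group, a non-administrator role granted at HSM-wide scope instead of per key, and a principal holding several roles; the assignment records are a constructed sample and their field names (`principalId`, `principalType`, `roleDefinitionName`, `scope`) are assumed.

```python
"""Review Managed HSM local RBAC assignments against the practices above.

Added example, not Microsoft's code. The records are a constructed sample
shaped like a role assignment export; the field names are assumed.
"""
from collections import defaultdict

# Constructed sample: one correct group assignment and three problem cases.
ASSIGNMENTS = [
    {"principalId": "grp-hsm-admins", "principalType": "Group",
     "roleDefinitionName": "Managed HSM Administrator", "scope": "/"},
    {"principalId": "user-alice", "principalType": "User",
     "roleDefinitionName": "Managed HSM Administrator", "scope": "/"},
    {"principalId": "app-billing", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Managed HSM Crypto User", "scope": "/keys/billing-key"},
    {"principalId": "app-billing", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Managed HSM Crypto Officer", "scope": "/"},
]

ADMIN_ROLE = "Managed HSM Administrator"


def review(assignments):
    """Return a list of (principalId, finding) tuples for the practices above."""
    findings = []
    roles_by_principal = defaultdict(set)
    for a in assignments:
        roles_by_principal[a["principalId"]].add(a["roleDefinitionName"])
        # Administrator should be held by a security group, not an individual account.
        if a["roleDefinitionName"] == ADMIN_ROLE and a["principalType"] != "Group":
            findings.append((a["principalId"], "administrator role assigned to an individual"))
        # Other roles should be scoped to a key (/keys/<name>), not the whole HSM (/).
        if a["roleDefinitionName"] != ADMIN_ROLE and a["scope"] == "/":
            findings.append((a["principalId"],
                             f"{a['roleDefinitionName']} granted at HSM-wide scope"))
    # Separation of duties: one principal should not hold several roles.
    for principal, roles in roles_by_principal.items():
        if len(roles) > 1:
            findings.append((principal, "multiple roles: " + ", ".join(sorted(roles))))
    return findings


if __name__ == "__main__":
    for principal, finding in review(ASSIGNMENTS):
        print(f"{principal}: {finding}")
```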
Turn on logging
- Turn on logging for your HSM, and set up alerts.
Turn on recovery options
- Soft delete is on by default. You can choose a retention period between 7 and 90 days.
- Turn on purge protection to prevent immediate permanent deletion of the HSM or keys. When purge protection is on, the HSM or keys remain in the deleted state until the retention period has passed.
- See Full backup/restore for information on full HSM backup/restore.
- See Managed HSM logging to learn how to use Azure Monitor to configure logging.
- See Manage managed HSM keys for key management.
- See Managed HSM role management for managing role assignments.
- See Managed HSM soft-delete overview for recovery options.