BeyondInsight Thales Hardware Security Module User Guide

A Hardware Security Module (HSM) is a device that safeguards and manages digital cryptography keys for strong authentication and provides cryptographic processing functionality. An HSM takes over the key management, encryption, and decryption functionality for stored credentials. This document provides the procedures to configure and manage an HSM for use within BeyondInsight.

BeyondInsight HSM Credential Usage

  • BeyondInsight uses only one set of HSM credentials to encrypt any stored credential at a given time.
  • BeyondInsight always encrypts new or edited credentials using the latest stored set of HSM credentials.
  • BeyondInsight supports legacy HSM credentials. Credentials which were encrypted using an older set of HSM credentials are still accessible, if the HSM credential used to encrypt it has not been manually deleted.
  • Archived HSM credentials remain in the BeyondInsight database until they are manually deleted.