Configure HSM Credentials in BeyondInsight

Ensure the following have been completed prior to configuring HSM credentials in BeyondInsight:

  • The HSM has been installed and configured.
  • The Thales client software has been installed and connected to the HSM.

There must not be any other credentials configured in the database when the HSM configuration procedure is executed.

Add an HSM Credential to BeyondInsight

  1. Log in to the BeyondInsight server that is configured to access the HSM.
  2. Open the BeyondInsight Configuration tool:

    Start > Apps > eEye Digital Security > BeyondInsight Configuration.

  3. If a User Account Control dialog box appears, click Yes to continue.

  4. Click Configure HSM Credentials.
  5. The Configure HSM Credentials dialog appears. Select Edit > Add New HSM Credential.
  6. Enter HSM details as follows:
    • 32-bit Driver Path: Select the 32-bit PKCS #11 driver that was supplied with your HSM client software.
    • 64-bit Driver Path: Select the 64-bit PKCS #11 driver that was supplied with your HSM client software.

      The Thales HSM PKCS #11 drivers are located in the C:\Program Files\SafeNet\LunaClient folder.

    • Slot: After valid 32-bit/64-bit drivers are selected, this dropdown contains a list of the tokens presented by the driver in the format of label (slot number).
      • The label is the name of the HSM token. Some HSMs have a default name. Otherwise, it is a name set when you configured your HSM.
      • The slot number is an index number starting at 0, which indicates the token’s position within the list of tokens presented by the driver.
    • Key Name: HSM keys are identified by labels. A unique name must be provided for each key to associate encrypted credentials with the key used to encrypt and decrypt them. Any key name may be used as long as it is unique.
    • Description: Information about the key, for display purposes only.
    • PIN: The password for the HSM token that was set up for use by BeyondInsight. The token must have permission to create and access keys on the HSM.
  7. Click Save.
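
Because the dialog takes a separate 32-bit and 64-bit PKCS #11 driver, it helps to confirm each DLL's architecture before selecting it. The following PowerShell is an added example, not part of the BeyondInsight or Thales documentation; the function names, the constructed sample headers, and the driver paths are illustrative placeholders.

```powershell
# Added example: classify a driver DLL as 32-bit or 64-bit from its PE header.
function Get-PeBitness {
    param([Parameter(Mandatory)][byte[]]$Bytes)

    # DOS header: 'MZ' magic, then e_lfanew (offset of the PE header) at 0x3C.
    if ($Bytes.Length -lt 0x40 -or $Bytes[0] -ne 0x4D -or $Bytes[1] -ne 0x5A) {
        return 'not a PE file'
    }
    $peOffset = [BitConverter]::ToInt32($Bytes, 0x3C)
    # Need 4 signature bytes plus the 2-byte Machine field at the PE offset.
    if ($peOffset -lt 0 -or $peOffset + 6 -gt $Bytes.Length) {
        return 'truncated PE header'
    }
    # PE signature 'PE\0\0' read as a little-endian 32-bit value.
    if ([BitConverter]::ToUInt32($Bytes, $peOffset) -ne 0x00004550) {
        return 'not a PE file'
    }
    switch ([BitConverter]::ToUInt16($Bytes, $peOffset + 4)) {
        0x014C  { '32-bit (x86)' }
        0x8664  { '64-bit (x64)' }
        default { 'other architecture' }
    }
}

# Constructed sample input: a minimal header carrying only the fields read above.
function New-SampleHeader([uint16]$Machine) {
    $b = New-Object byte[] 0x48
    $b[0] = 0x4D; $b[1] = 0x5A             # 'MZ'
    $b[0x3C] = 0x40                        # e_lfanew points at offset 0x40
    $b[0x40] = 0x50; $b[0x41] = 0x45       # 'PE', followed by two zero bytes
    $b[0x44] = $Machine -band 0xFF         # Machine, low byte
    $b[0x45] = ($Machine -shr 8) -band 0xFF
    return ,$b
}
Get-PeBitness -Bytes (New-SampleHeader 0x014C)
Get-PeBitness -Bytes (New-SampleHeader 0x8664)

# Placeholder paths (assumptions): substitute the DLLs you intend to select.
$drivers = [ordered]@{
    '32-bit Driver Path' = 'C:\path\to\32-bit-pkcs11-driver.dll'
    '64-bit Driver Path' = 'C:\path\to\64-bit-pkcs11-driver.dll'
}
foreach ($field in $drivers.Keys) {
    $path = $drivers[$field]
    if (Test-Path -LiteralPath $path) {
        '{0}: {1}' -f $field, (Get-PeBitness -Bytes ([IO.File]::ReadAllBytes($path)))
    } else {
        '{0}: file not found ({1})' -f $field, $path
    }
}
```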