CloudHSM (Cloud Hardware Security Module)

Overview

AWS CloudHSM is a cloud-based hardware security module (HSM) that enables customers to generate and use their own encryption keys on the AWS Cloud with full control and ownership.

Key Features

  • Dedicated hardware security modules
  • Fully managed, single-tenant HSM instances
  • Supports industry encryption standards
  • Compliant with various security regulations (FIPS 140-2 Level 3)

Primary Use Cases

  • Cryptographic key management
  • Secure key storage
  • Encryption and decryption operations
  • Public Key Infrastructure (PKI)
  • Regulatory compliance requirements

Security Capabilities

  • Generate and protect cryptographic keys
  • Perform cryptographic operations
  • Secure key lifecycle management
  • Isolation from other AWS customers

Supported Standards

  • PKCS#11
  • OpenSSL
  • Microsoft CryptoNG (CNG)
  • Java Cryptography Extensions (JCE)

Benefits

  • Enhanced security through hardware-based key protection
  • Meets strict compliance and regulatory requirements
  • Scalable encryption infrastructure
  • Reduced operational complexity