Thales Trusted Cyber Technologies

HashiCorp

ABOUT HASHICORP

HashiCorp is a cloud infrastructure automation company that enables organizations to adopt consistent workflows to provision, secure, connect, and run any infrastructure for any application. HashiCorp open source tools Vagrant, Packer, Terraform, Vault, Consul, and Nomad are downloaded thousands of times per day and are broadly adopted by the Global 2000. Enterprise versions of these products enhance the open source tools with features that promote collaboration, operations, governance, and multi-data center functionality. The company is headquartered in San Francisco and backed by Mayfield, GGV Capital, Redpoint, and True Ventures. For more information, visit https://www.hashicorp.com or follow HashiCorp on Twitter @HashiCorp.

OVERVIEW

Thales TCT’s Luna SA for Government Hardware Security Module (HSM) integrates with HashiCorp Vault Enterprise to provide enhanced hardware-based security for Vault’s critical security parameters and master key.

SOLUTION

HashiCorp Vault Enterprise and Thales TCT Luna HSM

HashiCorp Vault Enterprise is a tool for managing secrets, whether they are passwords, tokens, keys, or any other pieces of data that require secure storage and controlled access. Thales TCT’s Luna HSM integrates with Vault to bring hardware-based, FIPS 140-2 Level 2 or 3 validated security to the configuration. As stated by HashiCorp, using a Luna HSM provides the following additional security benefits:

  • Master Key Wrapping: Vault protects its master key by transiting it through the HSM for encryption rather than splitting it into key shares.
  • Automatic Unsealing: Vault stores its HSM-wrapped master key in storage, allowing for automatic unsealing.
  • Seal Wrapping: Provides FIPS KeyStorage-conforming functionality for Critical Security Parameters.