Configuration
You must configure Securosys HSM for the integration with Secret Server. For an overview of the HSM configuration and the high-level configuration steps, see Primus HSM Configuration in the Securosys documentation.
This topic describes how to perform the following configuration steps:
- Configure an HSM by using the PKCS#11 configuration file.
- Connect to the HSM to extract and save the user secret.
Configuring Securosys HSM
To configure Securosys HSM:
- Open the PKCS#11 configuration file, primus.cfg, for editing.
  - The default location of the file in Windows is \Program Files\Securosys\PrimusP11\primus.cfg
  - The default location of the file in Linux is /usr/local/primus/etc/primus.cfg
- Configure one HSM by updating the host, port, and username. Remove the proxy_password.
  We recommend that you configure multiple high-availability (HA) clusters to allow for redundancy and load balancing. For details of HA cluster setup, see the Primus HSM User Guide.
- Use the ppin utility to connect to the HSM and extract and save the user's secret:
  - Open a terminal as an administrator.
  - Change the directory to the Primus PKCS#11 installation directory where the ppin utility is located.
    In Windows, you can find ppin in Primus PKCS#11 installation directory\ppin.exe. In Linux, you can find ppin in Primus PKCS#11 installation directory/bin/ppin.
  - Type
    ppin -a -e <YOUR_USERNAME>
  - Enter your setup password and the PKCS11 password.
    You can obtain the setup and the PKCS11 passwords from your HSM administrator.
  - The message "User has permanent secret configured" appears.
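To confirm that the edit to primus.cfg took effect, the following check reports any proxy_password entry that is still active and flags a world-writable file. It is an added example, not part of the Securosys or Secret Server documentation; the function name audit_primus_cfg and the assumption that lines starting with # or // are comments are this example's own.

```shell
#!/bin/sh
# Added example: audit a Primus PKCS#11 config file after editing it.
# Assumption: a line whose first non-blank characters are '#' or '//' is a comment.

PRIMUS_CFG_DEFAULT="/usr/local/primus/etc/primus.cfg"   # Linux default named on this page

# audit_primus_cfg [FILE]
# Returns 0 = clean, 1 = at least one finding, 2 = file missing or unreadable.
audit_primus_cfg() {
    cfg="${1:-$PRIMUS_CFG_DEFAULT}"
    findings=0

    if [ ! -f "$cfg" ] || [ ! -r "$cfg" ]; then
        echo "ERROR: cannot read $cfg" >&2
        return 2
    fi

    # Active proxy_password entries. Report line numbers only, so the
    # password value itself never reaches the terminal or a log file.
    hits=$(grep -n 'proxy_password' "$cfg" \
        | grep -v -E '^[0-9]+:[[:space:]]*(#|//)' \
        | cut -d: -f1 | tr '\n' ' ')
    if [ -n "$hits" ]; then
        echo "FINDING: proxy_password still set at line(s): $hits"
        findings=1
    fi

    # A world-writable file lets any local user change host, port or username.
    if [ -n "$(find "$cfg" -prune -perm -002 2>/dev/null)" ]; then
        echo "FINDING: $cfg is world-writable"
        findings=1
    fi

    [ "$findings" -eq 0 ] && echo "OK: $cfg"
    return "$findings"
}

# Usage: audit_primus_cfg               (default Linux path)
#        audit_primus_cfg ./primus.cfg
```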