
We use Vault Enterprise at my company, and I do a lot of the deployment/administration of Vault. The enterprise version supports PKCS11 and external HSM: https://www.vaultproject.io/docs/configuration/seal/pkcs11.h... and https://www.vaultproject.io/docs/configuration/entropy-augme... for reference.

https://learn.hashicorp.com/vault/operations/ops-seal-wrap is a guide linked at the bottom



Thanks. So to fully understand this - if I use seal wrapping with an HSM all secrets in Vault will be wrapped by the HSM and not only the masterkey/autounseal?

And even though the rest is then in software (Vault) I still have the same FIPS level as the HSM?



