Hardware Security Module (HSM) data encryption with SafeNet

Besides the default encryption method, Password Manager Pro provides support for SafeNet Luna PCIe HSM to give administrators the option to enable hardware data encryption for Password Manager Pro.

1. SafeNet Hardware Security Module (HSM)

You can integrate Password Manager Pro with the SafeNet Hardware Security Module that can handle all the encryption and decryption methods. In addition to this, SafeNet HSM can also store the encrypted key directly in its hardware module that is fitted to a computer or a network server.

Password Manager Pro's integration with SafeNet Luna PCIe HSM allows you to use the HSM to encrypt your data as well as to store it within the device itself.

2. How SafeNet HSM works

3. How to configure SafeNet HSM for Password Manager Pro

If you choose SafeNet HSM as your encryption method, you first need to configure the HSM device for your network requirements.

You can download the SafeNet installation guide for steps on that.

After the installation process is complete, use command prompt to choose a slot number and set a password for the HSM. Once the set up is done, this slot number and password will be used to switch encryption methods.

After testing the HSM connection, you may continue with the migration process.

4. How to migrate to the SafeNet HSM Encryption method

You can follow the below steps to initiate the migration:

  • Stop the Password Manager Pro service.
  • Open a command prompt and navigate to <PMP_SERVER_HOME>\bin directory.
  • Execute the following command:

For Windows

For Linux
sh SwitchToHSM.sh

This will bring up the following dialog box:

Here, enter the SafeNet HSM password and slot number in the dialog box and click on Migrate.

Restart the Password Manager Pro service to complete the migration.

To check which method of encryption is currently applied to your data, go to Admin >> Configuration >> Encryption and HSM.