If not, does anybody offer FIPS 140-2 HSMs with PKCS#11 on the Azure marketplace?
Does Azure Key Vault service support PKCS#11?
1.8k Views Asked by Valo At
2
There are 2 best solutions below
1
On
The Fortanix Data Security Manager (DSM) SaaS product supports PKCS#11, works well, and is reasonably priced. It has direct connections to all of the major Cloud providers (so latency is extremely low) and provides redundancy as part of the base product. No, I don't work for them. Just a satisfied customer.
It looks like the Key Vault service does not support PKCS#11 - it's mostly, well, keys and secrets vault (secure store). However, the Azure dedicated HSM provides physical, dedicated, cryptographic key storage and services. They use SafeNet Luna Network HSM 7 (Model A790) appliance from Gemalto - FIPS 140-2 Level 3-validated devices, which also has an accessible PKCS#11 interface.