Introduction

Delinea Secret Server includes support for the Entrust nShield Connect Hardware Security Module (HSM). The nShield Connect HSM brings an additional layer of protection by controlling the Delinea Secret Server encryption key. This document describes the procedure to integrate Delinea Secret Server with the nShield Connect HSM.

Product configurations

Entrust has successfully tested nShield HSM integration with Delinea Secret Server in the following configurations:

| Product | Version |
|---|---|
| Delinea Secret Server | 11.6.000025 - Platinum Edition |
| SQL Server 2022 | 16.0.1000.6 Express Edition (64-bit) |
| SQL Server Management Studio | 20.0.70.0 |
| IIS | 10.0.20348.1 |
| Base OS | Microsoft Windows Server 2022 |

Supported nShield features

Entrust has successfully tested nShield HSM integration with the following features:

| Feature | CNG Cryptography Provider | PKCS #11 API |
|---|---|---|
| Softcards | No | Yes |
| Module Only Key | Yes | Yes |
| Operator Card Set (OCS) | Yes but without a passphrase | Yes |
| nSaaS | Supported but not tested | Supported but not tested |

| Security World | Support |
|---|---|
| FIPS 140 Level 2 | Yes |
| FIPS 140 Level 3 | Yes |

Supported nShield hardware and software versions

Entrust has successfully tested with the following nShield hardware and software versions:

Connect XC

| Security World Software | Firmware | Netimage | OCS | Softcard | Module |
|---|---|---|---|---|---|
| 12.80.4 | 12.72.1 (FIPS 140-2 certified) | 12.80.5 | | | |
| 12.80.4 | 12.50.11 (FIPS 140-2 certified) | 12.80.4 | | | |
| 12.80.4 | 12.60.15 (CC certified) | 12.80.4 | | | |
| 13.4.4 | 12.50.11 (FIPS 140-2 certified) | 12.80.4 | | | |

nShield 5c

| Security World Software | Firmware | Netimage | OCS | Softcard | Module |
|---|---|---|---|---|---|
| 13.2.2 | 13.2.2 | 13.2.2 | | | |

Requirements

The following are needed for this integration:

  • A server running Delinea Secret Server.

  • An nShield Connect HSM.