Keysafe 5 v1.3 Installation and Upgrade Guide


KeySafe 5 provides a centralized means to securely manage a distributed nShield HSM estate, including the creation and management of Security Worlds and associated resources (Softcards & Card Sets).

KeySafe 5 provides this capability in two forms: HTTP REST APIs for HSM Management and Security World management, and a graphical user interface. Only authenticated clients are permitted access to the service, providing assurance that your HSM and Security World data remain usable only by clients that are permitted access.

Typical KeySafe 5 deployment:

keysafe5 deployment

KeySafe 5 can be deployed as a Kubernetes application to manage a large estate of HSMs, or ran in single binary executable format to manage a single nShield Security World host machine and attached HSMs, see KeySafe 5 Local.

For each nShield client machine that you want to manage using this platform, you must install a KeySafe 5 agent binary alongside the existing nShield hardserver. A KeySafe 5 agent is installed on the nShield Connect for nShield Connect images released with Security World v13.4 and later software.