# Virtual HSM ## Virtual HSM - [Virtual HSM](https://docs.enclaive.cloud/virtual-hsm/virtual-hsm.md): Migrate your Hardware Security Module to the cloud for enhanced scalability and flexibility. Securely bring your own keys while utilizing hardware-graded security to ensure their protection. - [Documentation](https://docs.enclaive.cloud/virtual-hsm/documentation.md) - [What is Virtual HSM?](https://docs.enclaive.cloud/virtual-hsm/documentation/what-is-virtual-hsm.md) - [Why a vHSM](https://docs.enclaive.cloud/virtual-hsm/documentation/why-a-vhsm.md) - [How does it work?](https://docs.enclaive.cloud/virtual-hsm/documentation/how-does-it-work.md) - [Use Case](https://docs.enclaive.cloud/virtual-hsm/documentation/use-case.md) - [Setup](https://docs.enclaive.cloud/virtual-hsm/documentation/setup.md) - [Installation](https://docs.enclaive.cloud/virtual-hsm/documentation/setup/installation.md): Install vHSM to effectively managing identities and access controls for workloads spread across multiple clouds and on-premises environments - [Server](https://docs.enclaive.cloud/virtual-hsm/documentation/setup/installation/server.md): Install vHSM to effectively managing identities and access controls for workloads spread across multiple clouds and on-premises environments - [CLI](https://docs.enclaive.cloud/virtual-hsm/documentation/setup/installation/cli.md) - [Configuration](https://docs.enclaive.cloud/virtual-hsm/documentation/setup/configuration.md): Learn how to write a config file to start the server in different operation modes. - [Server](https://docs.enclaive.cloud/virtual-hsm/documentation/setup/configuration/server.md): Explore example configurations for setting up vHSM storage and configuring the vHSM CLI for attestation. - [Parameters](https://docs.enclaive.cloud/virtual-hsm/documentation/setup/configuration/server/parameters.md): Learn more about the parameters that you can configure to run the vHSM server. - [Telemetry](https://docs.enclaive.cloud/virtual-hsm/documentation/setup/configuration/server/telemetry.md): Learn about the telemetry parameters that you need for an aggregation software such as Prometheus. - [vHSM Agent](https://docs.enclaive.cloud/virtual-hsm/documentation/setup/vhsm-agent.md): Learn about using Agent for rendering secrets into files or environment variables, allowing your applications to consume them seamlessly without directly interacting with vHSM APIs. - [Agent Configuration](https://docs.enclaive.cloud/virtual-hsm/documentation/setup/vhsm-agent/agent-configuration.md): Learn about configuring an Agent for vHSM - [vHSM Proxy](https://docs.enclaive.cloud/virtual-hsm/documentation/setup/vhsm-proxy.md): Learn about using Proxy for authentication, caching, and secure communication to streamline vHSM adoption. - [Proxy Configuration](https://docs.enclaive.cloud/virtual-hsm/documentation/setup/vhsm-proxy/proxy-configuration.md): Learn about configuring a Proxy for vHSM - [Getting Started](https://docs.enclaive.cloud/virtual-hsm/documentation/getting-started.md) - [Start the server](https://docs.enclaive.cloud/virtual-hsm/documentation/getting-started/start-the-server.md) - [Activate Nitride](https://docs.enclaive.cloud/virtual-hsm/documentation/getting-started/activate-nitride.md) - [MariaDB root admin password provisioning on Azure DCXas\_v5 VM](https://docs.enclaive.cloud/virtual-hsm/documentation/getting-started/mariadb-root-admin-password-provisioning-on-azure-dcxas_v5-vm.md): In this self-contained tutorial we show how to provision a MariaDB container running in a confidential "buckypaper" VM on Azure. The tutorial easily transfers to any other CSP with buckypaper VMs. - [Supported Cloud Configurations](https://docs.enclaive.cloud/virtual-hsm/documentation/supported-cloud-configurations.md) - [Tutorials](https://docs.enclaive.cloud/virtual-hsm/tutorials.md) - [Deploying the vhsm Container on an EC2 Instance](https://docs.enclaive.cloud/virtual-hsm/tutorials/deploying-the-vhsm-container-on-an-ec2-instance.md): Learn to deploy the vhsm container on an EC2 instance by pulling a docker image from ECR. - [CLI quickstart](https://docs.enclaive.cloud/virtual-hsm/tutorials/cli-quickstart.md): vHSM (Virtual Hardware Security Module) provides cryptographic operations, key management, and secure attestation. - [vHSM Agent quickstart](https://docs.enclaive.cloud/virtual-hsm/tutorials/vhsm-agent-quickstart.md): Learn to start vHSM Agent and to load data to vHSM server - [vHSM Proxy quickstart](https://docs.enclaive.cloud/virtual-hsm/tutorials/vhsm-proxy-quickstart.md): Learn to start vHSM Proxy and read secrets from a specified path in the vHSM server through vHSM Proxy. - [Passing vHSM secrets using ConfigMaps](https://docs.enclaive.cloud/virtual-hsm/tutorials/passing-vhsm-secrets-using-configmaps.md): Learn to inject vHSM secrets using ConfigMaps to an application running in Kubernetes. - [Provisioning MariaDB Password on Azure DCXas\_v5 VM](https://docs.enclaive.cloud/virtual-hsm/tutorials/provisioning-mariadb-password-on-azure-dcxas_v5-vm.md): This tutorial guides you through provisioning a MariaDB container on a confidential buckypaper VM in Azure. The steps can be easily adapted for any cloud service provider that supports buckypaper. - [Registering a buckypaper plugin](https://docs.enclaive.cloud/virtual-hsm/tutorials/registering-a-buckypaper-plugin.md): Learn how to register a buckypaper plugin in a vHSM server. - [Monitoring vHSM with Grafana](https://docs.enclaive.cloud/virtual-hsm/tutorials/monitoring-vhsm-with-grafana.md): Learn to monitor the performance and usage of vHSM server with Grafana. - [Installation and Attestation on Hetzner Baremetal VMs](https://docs.enclaive.cloud/virtual-hsm/tutorials/installation-and-attestation-on-hetzner-baremetal-vms.md) - [Integrations](https://docs.enclaive.cloud/virtual-hsm/integrations.md) - [Integration with Utimaco SecurityServer](https://docs.enclaive.cloud/virtual-hsm/integrations/integration-with-utimaco-securityserver.md): Learn about integrating Enclaive vHSM with Utimaco Security Server and how their combined capabilities strengthen cryptographic security, key management, and data protection. - [Integrate enclaive vHSM with Utimaco HSM](https://docs.enclaive.cloud/virtual-hsm/integrations/integration-with-utimaco-securityserver/integrate-enclaive-vhsm-with-utimaco-hsm.md): Learn how to install and configure enclaive vHSM with Utimaco HSM - [Install vHSM on Red Hat OpenShift](https://docs.enclaive.cloud/virtual-hsm/integrations/install-vhsm-on-red-hat-openshift.md) - [Install vHSM on AWS](https://docs.enclaive.cloud/virtual-hsm/integrations/install-vhsm-on-aws.md) - [CLI](https://docs.enclaive.cloud/virtual-hsm/cli.md) - [Authentication and Authorization](https://docs.enclaive.cloud/virtual-hsm/cli/authentication-and-authorization.md) - [vhsm login](https://docs.enclaive.cloud/virtual-hsm/cli/authentication-and-authorization/vhsm-login.md): Learn to authenticate users to vHSM server. - [vhsm auth](https://docs.enclaive.cloud/virtual-hsm/cli/authentication-and-authorization/vhsm-auth.md): Learn to manage authentication methods for vHSM server. - [vhsm token](https://docs.enclaive.cloud/virtual-hsm/cli/authentication-and-authorization/vhsm-token.md): Learn about managing authentication tokens in vHSM server. - [vhsm policy](https://docs.enclaive.cloud/virtual-hsm/cli/authentication-and-authorization/vhsm-policy.md): Learn to write, read, list, and delete vHSM policies - [Security and Encryption](https://docs.enclaive.cloud/virtual-hsm/cli/security-and-encryption.md) - [vhsm pki](https://docs.enclaive.cloud/virtual-hsm/cli/security-and-encryption/vhsm-pki.md): Learn to manage and interact with the PKI Secrets Engine in vHSM server. - [vhsm pki health-check](https://docs.enclaive.cloud/virtual-hsm/cli/security-and-encryption/vhsm-pki/vhsm-pki-health-check.md): Learn to verify the health of a specific PKI secrets engine - [vhsm pki issue](https://docs.enclaive.cloud/virtual-hsm/cli/security-and-encryption/vhsm-pki/vhsm-pki-issue.md): Learn to create an intermediate certificate authority (CA) certificate. - [vhsm pki list-intermediates](https://docs.enclaive.cloud/virtual-hsm/cli/security-and-encryption/vhsm-pki/vhsm-pki-list-intermediates.md): Learn how to determine which certificates were issued by a parent certificate. - [vhsm pki reissue](https://docs.enclaive.cloud/virtual-hsm/cli/security-and-encryption/vhsm-pki/vhsm-pki-reissue.md): Learn to reissue a Certificate Authority (CA) certificate using an existing issuer as a template. - [vhsm pki verify-sign](https://docs.enclaive.cloud/virtual-hsm/cli/security-and-encryption/vhsm-pki/vhsm-pki-verify-sign.md): Learn to verify if the issuer has signed the certificate - [vhsm transit](https://docs.enclaive.cloud/virtual-hsm/cli/security-and-encryption/vhsm-transit.md): Learn to manage vHSM's Transit secrets engine - [vhsm ssh](https://docs.enclaive.cloud/virtual-hsm/cli/security-and-encryption/vhsm-ssh.md) - [vhsm transform](https://docs.enclaive.cloud/virtual-hsm/cli/security-and-encryption/vhsm-transform.md) - [Server and Infrastructure Management](https://docs.enclaive.cloud/virtual-hsm/cli/server-and-infrastructure-management.md) - [vhsm server](https://docs.enclaive.cloud/virtual-hsm/cli/server-and-infrastructure-management/vhsm-server.md) - [vhsm proxy](https://docs.enclaive.cloud/virtual-hsm/cli/server-and-infrastructure-management/vhsm-proxy.md): Learn about authentication, caching, and secure communication to streamline vHSM adoption. - [vhsm monitor](https://docs.enclaive.cloud/virtual-hsm/cli/server-and-infrastructure-management/vhsm-monitor.md): Learn to monitor the log messages of a vHSM server. - [vhsm status](https://docs.enclaive.cloud/virtual-hsm/cli/server-and-infrastructure-management/vhsm-status.md): Learn about the current status of vHSM server. - [vhsm agent](https://docs.enclaive.cloud/virtual-hsm/cli/server-and-infrastructure-management/vhsm-agent.md): Learn to start a vHSM agent for managing token lifecycle, writing tokens to sinks, and acting as an identity broker in specific deployment. - [Secret Management](https://docs.enclaive.cloud/virtual-hsm/cli/secret-management.md) - [vhsm read](https://docs.enclaive.cloud/virtual-hsm/cli/secret-management/vhsm-read.md): Learn to retrieve data from a specified path in a vHSM server. - [vhsm write](https://docs.enclaive.cloud/virtual-hsm/cli/secret-management/vhsm-write.md): Learn to write data to a vHSM server at a specified path to store credentials, secrets, configurations, or arbitrary data. - [vhsm delete](https://docs.enclaive.cloud/virtual-hsm/cli/secret-management/vhsm-delete.md): Lean to remove the secrets and configurations from vHSM server. - [vhsm list](https://docs.enclaive.cloud/virtual-hsm/cli/secret-management/vhsm-list.md): Learn to retrieve a list of data or secrets in a vHSM server - [vhsm secrets](https://docs.enclaive.cloud/virtual-hsm/cli/secret-management/vhsm-secrets.md): Learn to interact with vHSM's secrets engine - [vhsm secrets enable](https://docs.enclaive.cloud/virtual-hsm/cli/secret-management/vhsm-secrets/vhsm-secrets-enable.md): Learn to enable secrets engine at a specific path. - [vhsm secrets disable](https://docs.enclaive.cloud/virtual-hsm/cli/secret-management/vhsm-secrets/vhsm-secrets-disable.md): Learn to disable secrets engine at a specified path. - [vhsm secrets list](https://docs.enclaive.cloud/virtual-hsm/cli/secret-management/vhsm-secrets/vhsm-secrets-list.md): Learn to view all the enabled secrets engine on the vHSM server. - [vhsm secrets move](https://docs.enclaive.cloud/virtual-hsm/cli/secret-management/vhsm-secrets/vhsm-secrets-move.md): Learn to move an existing secrets engine to a new path in a vHSM server - [vhsm secrets tune](https://docs.enclaive.cloud/virtual-hsm/cli/secret-management/vhsm-secrets/vhsm-secrets-tune.md) - [vhsm unwrap](https://docs.enclaive.cloud/virtual-hsm/cli/secret-management/vhsm-unwrap.md): Learn to unwarp a wrapped secret from vHSM using a wrapping token. - [Configuration and Management](https://docs.enclaive.cloud/virtual-hsm/cli/configuration-and-management.md) - [vhsm plugin](https://docs.enclaive.cloud/virtual-hsm/cli/configuration-and-management/vhsm-plugin.md): Learn to list, register, inspect, deregister, and reload plugins used by vHSM - [vhsm plugin info](https://docs.enclaive.cloud/virtual-hsm/cli/configuration-and-management/vhsm-plugin/vhsm-plugin-info.md): Learn to fetch information about the plugin in vHSM plugin catalog. - [vhsm plugin deregister](https://docs.enclaive.cloud/virtual-hsm/cli/configuration-and-management/vhsm-plugin/vhsm-plugin-deregister.md): Learn to deregister a plugin from vHSM's plugin catalog. - [vhsm plugin list](https://docs.enclaive.cloud/virtual-hsm/cli/configuration-and-management/vhsm-plugin/vhsm-plugin-list.md): Learn to list all the available plugins that are registered in the vHSM plugin catalog - [vhsm plugin register](https://docs.enclaive.cloud/virtual-hsm/cli/configuration-and-management/vhsm-plugin/vhsm-plugin-register.md): Learn to add a plugin to vHSM's plugin catalog. - [vhsm plugin reload](https://docs.enclaive.cloud/virtual-hsm/cli/configuration-and-management/vhsm-plugin/vhsm-plugin-reload.md): Learn to reload a monted plugin backend in vHSM. - [vhsm plugin reload-status](https://docs.enclaive.cloud/virtual-hsm/cli/configuration-and-management/vhsm-plugin/vhsm-plugin-reload-status.md): Learn to check the status of the reloaded plugin in vHSM - [vhsm namespace](https://docs.enclaive.cloud/virtual-hsm/cli/configuration-and-management/vhsm-namespace.md): Learn to manage the namespaces in vHSM server - [vhsm operator](https://docs.enclaive.cloud/virtual-hsm/cli/configuration-and-management/vhsm-operator.md) - [vhsm print](https://docs.enclaive.cloud/virtual-hsm/cli/configuration-and-management/vhsm-print.md): Learn to interact with VHSM's runtime values - [vhsm path-help](https://docs.enclaive.cloud/virtual-hsm/cli/configuration-and-management/vhsm-path-help.md) - [vhsm lease](https://docs.enclaive.cloud/virtual-hsm/cli/configuration-and-management/vhsm-lease.md): Learn to use vhsm lease command to interact with the leases attached to the secrets. - [Attestation](https://docs.enclaive.cloud/virtual-hsm/cli/attestation.md): Learn to interact with RA-TLS plugin. - [Storage and Data Mangement](https://docs.enclaive.cloud/virtual-hsm/cli/storage-and-data-mangement.md) - [vhsm kv](https://docs.enclaive.cloud/virtual-hsm/cli/storage-and-data-mangement/vhsm-kv.md): Learn to use kv command for interacting with vHSM's key/value secrets engine. - [vhsm patch](https://docs.enclaive.cloud/virtual-hsm/cli/storage-and-data-mangement/vhsm-patch.md): Learn to update data in a vHSM server at a specified path. - [Auditing and Debugging](https://docs.enclaive.cloud/virtual-hsm/cli/auditing-and-debugging.md) - [vhsm audit](https://docs.enclaive.cloud/virtual-hsm/cli/auditing-and-debugging/vhsm-audit.md): Learn about managing vHSM audit devices - [vhsm debug](https://docs.enclaive.cloud/virtual-hsm/cli/auditing-and-debugging/vhsm-debug.md): Learn to debug vHSM server by starting a process that collects and probes information for a specific duration. - [vhsm version](https://docs.enclaive.cloud/virtual-hsm/cli/vhsm-version.md): Learn to print the installed vHSM version. - [vhsm version-history](https://docs.enclaive.cloud/virtual-hsm/cli/vhsm-version/vhsm-version-history.md): Learn to list the historical versions of vHSM server that was installed - [API](https://docs.enclaive.cloud/virtual-hsm/api.md) - [Auth](https://docs.enclaive.cloud/virtual-hsm/api/auth.md) - [Enclaive Vault API](https://docs.enclaive.cloud/virtual-hsm/api/enclaive-vault-api.md) - [Secrets](https://docs.enclaive.cloud/virtual-hsm/api/secrets.md) - [Identity](https://docs.enclaive.cloud/virtual-hsm/api/identity.md) - [System](https://docs.enclaive.cloud/virtual-hsm/api/system.md) - [Models](https://docs.enclaive.cloud/virtual-hsm/api/models.md) - [Troubleshooting](https://docs.enclaive.cloud/virtual-hsm/troubleshooting.md) - [CA Validity Period](https://docs.enclaive.cloud/virtual-hsm/troubleshooting/ca-validity-period.md): Perform the recommended actions based on the status of the CA validity period that was reported by PKI health check. - [CRL Validity Period](https://docs.enclaive.cloud/virtual-hsm/troubleshooting/crl-validity-period.md): Perform the recommended actions based on the status of the CRL validity period that was reported by PKI health check. - [Root Certificate Issued Non-CA Leaves](https://docs.enclaive.cloud/virtual-hsm/troubleshooting/root-certificate-issued-non-ca-leaves.md): Perform the recommended actions that ensures a proper Certificate Authority (CA) hierarchy is followed by verifying that leaf certificates are not issued directly by a root CA . - [Role Allows Implicit Localhost Issuance](https://docs.enclaive.cloud/virtual-hsm/troubleshooting/role-allows-implicit-localhost-issuance.md): Perform the recommended actions that ensures roles do not unintentionally allow certificates to be issued for localhost-based domains. - [Role Allows Glob-Based Wildcard Issuance](https://docs.enclaive.cloud/virtual-hsm/troubleshooting/role-allows-glob-based-wildcard-issuance.md): Perform the recommended actions to ensure that none of the defined roles simultaneously allow both glob domains and wildcard certificate issuance. - [Performance Impact](https://docs.enclaive.cloud/virtual-hsm/troubleshooting/performance-impact.md): Perform necessary actions to ensure that no\_store=false is applied only to non-ACME roles, configure short certificate lifetimes, and use BYOC revocations to effectively manage certificate cleanup. - [Accessibility of Audit Information](https://docs.enclaive.cloud/virtual-hsm/troubleshooting/accessibility-of-audit-information.md): Perform necessary actions to ensure that vHSM’s audit configurations follow the recommended practices for safe and unsafe audit parameters. - [Allow If-Modified-Since Requests](https://docs.enclaive.cloud/virtual-hsm/troubleshooting/allow-if-modified-since-requests.md): Perform necessary actions to ensure optimal header configuration for efficient caching and improved client-side performance . - [Auto-Tidy Disabled](https://docs.enclaive.cloud/virtual-hsm/troubleshooting/auto-tidy-disabled.md): Take the necessary steps to ensure that vHSM’s auto-tidy functionality is enabled, allowing for efficient and regular cleanup of revoked certificates, expired certificate data, and related resources. - [Tidy Hasn't Run](https://docs.enclaive.cloud/virtual-hsm/troubleshooting/tidy-hasnt-run.md): Perform necessary steps to ensure that the tidy process runs within a recommended timeframe. - [Too Many Certificates](https://docs.enclaive.cloud/virtual-hsm/troubleshooting/too-many-certificates.md): Take necessary steps to monitor the total number of stored certificates in the vHSM cluster. - [Enable ACME Issuance](https://docs.enclaive.cloud/virtual-hsm/troubleshooting/enable-acme-issuance.md) - [ACME Response Headers Configuration](https://docs.enclaive.cloud/virtual-hsm/troubleshooting/acme-response-headers-configuration.md): Perform necessary steps to ensure that the ACME protocol does not fail during the client-server communication. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on a page URL with the `ask` query parameter: ``` GET https://docs.enclaive.cloud/virtual-hsm/virtual-hsm.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.