Deprecated. You need to use Thales Luna Object instead. You can integrate a Grid with a third-party, network-attached Hardware Security Modules (HSMs) for secure private key storage and generation, and zone-signing offloading. Infoblox appliances support integration with either SafeNet HSMs or Thales HSMs. When using a network-attached HSM, you can provide tight physical access control, allowing only selected security personnel to physically access the HSM that stores the DNSSEC keys.
The Hardware Security Module (HSM) SafeNet group represents the collection of HSM SafeeNet devices that are used for private key storage and generation.
Note that you can create one HSM SafeNet group in the Grid.
References to hsm:safenetgroup are object references.
The name part of the Theales HSM object reference has the following components:
- The HSM SafeNet group name
The object does not support the following operations:
The object cannot be managed on Cloud Platform members.
These fields are actual members of the object; thus, they can be requested by using _return_fields, if the fields are readable.
The basic version of the object contains the field(s): comment, hsm_version, name.
The following fields are required to create this object:
| Field | Notes |
|---|---|
| hsm_safenet | |
| hsm_version | |
| name | |
| pass_phrase |
The HSM SafeNet group comment.
Type
String.
Create
The default value is empty.
Search
The field is available for search via
Notes
The comment is part of the base object.
The HSM SafeNet group serial number.
Type
String.
Search
The field is not available for search.
Notes
The group_sn cannot be updated.
group_sn cannot be written.
The list of HSM SafeNet devices.
Type
A/An SafeNet Hardware Security Module struct array.
Create
The field is required on creation.
Search
The field is not available for search.
The HSM SafeNet version.
Type
String.
Create
The field is required on creation.
Search
The field is not available for search.
Notes
The hsm_version is part of the base object.
The hsm_version cannot be updated.
The HSM SafeNet group name.
Type
String.
Values with leading or trailing white space are not valid for this field.
Create
The field is required on creation.
Search
The field is available for search via
Notes
The name is part of the base object.
This function is used to synchronize the HSM SafeNet configuration of the HSM SafeNet devices.
This function does not support multiple object matches when called as part of an atomic insertion operation.
Input fields
None
Output fields
results ( String. Valid values are: “PASSED”, “INACTIVE”, “FAILED” ) The result of the HSM synchronization operation.
This function is used to test and verify HSM SafeNet functionallity (key pair request, predefined blob signing) via the utilities of the vendor.
This function does not support multiple object matches when called as part of an atomic insertion operation.
Input fields
None
Output fields
results ( String. Valid values are: “PASSED”, “INACTIVE”, “KEY_GEN”, “SIGNING” ) The result of the HSM status test operation.
| Field | Type | Req | R/O | Base | Search |
|---|---|---|---|---|---|
| comment | String | N | N | Y | : = ~ |
| group_sn | String | N | Y | N | N/A |
| hsm_safenet | [struct] | Y | N | N | N/A |
| hsm_version | String | Y | N | Y | N/A |
| name | String | Y | N | Y | : = ~ |
| pass_phrase | String | Y | N | N | N/A |
| status | String | N | Y | N | N/A |
