You can integrate a Grid with a third-party, network-attached Hardware Security Modules (HSMs) for secure private key storage and generation, and zone-signing offloading. Infoblox appliances support integration with either Thales Luna HSMs or Entrust nShield HSMs. When using a network-attached HSM, you can provide tight physical access control, allowing only selected security personnel to physically access the HSM that stores the DNSSEC keys.
The Hardware Security Module (HSM) Thales Luna group represents the collection of HSM Thales Luna devices that are used for private key storage and generation.
Note that you can create one HSM Thales Luna group in the Grid.
References to hsm:thaleslunagroup are object references.
The name part of the Thales Luna HSM object reference has the following components:
- The HSM Thales Luna group name
The object does not support the following operations:
The object cannot be managed on Cloud Platform members.
These fields are actual members of the object; thus, they can be requested by using _return_fields, if the fields are readable.
The basic version of the object contains the field(s): comment, hsm_version, name.
The following fields are required to create this object:
| Field | Notes |
|---|---|
| hsm_version | |
| name | |
| pass_phrase | |
| thalesluna |
The HSM Thales Luna group comment.
Type
String.
Create
The default value is empty.
Search
The field is available for search via
Notes
The comment is part of the base object.
The HSM Thales Luna group serial number.
Type
String.
Search
The field is not available for search.
Notes
The group_sn cannot be updated.
group_sn cannot be written.
The HSM Thales Luna version.
Type
String.
Create
The field is required on creation.
Search
The field is not available for search.
Notes
The hsm_version is part of the base object.
The hsm_version cannot be updated.
The HSM Thales Luna group name.
Type
String.
Values with leading or trailing white space are not valid for this field.
Create
The field is required on creation.
Search
The field is available for search via
Notes
The name is part of the base object.
The pass phrase used to unlock the HSM Thales Luna keystore.
Type
String.
Create
The field is required on creation.
Search
The field is not available for search.
Notes
pass_phrase is not readable.
The status of all HSM Thales Luna devices in the group.
Type
String.
Search
The field is not available for search.
Notes
The status cannot be updated.
status cannot be written.
The list of HSM Thales Luna devices.
Type
A/An Thales Luna Hardware Security Module struct array.
Create
The field is required on creation.
Search
The field is not available for search.
This function is used to synchronize the HSM Thales Luna configuration of the HSM Thales Luna devices.
This function does not support multiple object matches when called as part of an atomic insertion operation.
Input fields
None
Output fields
results ( String. Valid values are: “PASSED”, “INACTIVE”, “FAILED” ) The result of the HSM synchronization operation.
This function is used to test and verify HSM Thales Luna functionallity (key pair request, predefined blob signing) via the utilities of the vendor.
This function does not support multiple object matches when called as part of an atomic insertion operation.
Input fields
None
Output fields
results ( String. Valid values are: “PASSED”, “INACTIVE”, “KEY_GEN”, “SIGNING” ) The result of the HSM status test operation.
| Field | Type | Req | R/O | Base | Search |
|---|---|---|---|---|---|
| comment | String | N | N | Y | : = ~ |
| group_sn | String | N | Y | N | N/A |
| hsm_version | String | Y | N | Y | N/A |
| name | String | Y | N | Y | : = ~ |
| pass_phrase | String | Y | N | N | N/A |
| status | String | N | Y | N | N/A |
| thalesluna | [struct] | Y | N | N | N/A |
