How to connect HSM & Vault


We plan on using a HSM (on-prem) for the auto-unsealing with Vault. I have gone through some of Vault’s documentation online and the typical details I found for the seal configuration of the hsm are as follows:

seal “pkcs11” {
lib = “/usr/vault/lib/”
slot = “2305843009213693953”
key_label = “vault-hsm-key”
hmac_key_label = “vault-hsm-hmac-key”

How do you specify the IP address of the HSM that Vault needs to talk to? So that vault knows how to communicate with the HSM? I have not found where this is configured anywhere online.

Maybe I am missing a trick here or completely misunderstood something. Would appreciate if someone can help with this.

Thank you

1 Like