How to connect HSM & Vault

Hi,

We plan on using an HSM (on-prem) for auto-unsealing with Vault. I have gone through some of Vault's documentation online, and the typical details I found for the seal configuration of the HSM are as follows:

seal "pkcs11" {
  lib            = "/usr/vault/lib/libCryptoki2_64.so"
  slot           = "2305843009213693953"
  pin            = "AAAA-BBBB-CCCC-DDDD"
  key_label      = "vault-hsm-key"
  hmac_key_label = "vault-hsm-hmac-key"
}

How do you specify the IP address of the HSM that Vault needs to talk to, so that Vault knows how to communicate with the HSM? I have not found where this is configured anywhere online.

Maybe I am missing a trick here or completely misunderstood something. Would appreciate if someone can help with this.

Thank you
