Posts tagged HSM

2 posts

Cloud

Multi-PKI on a Single CloudHSM Cluster — Why KMS Is the Wrong Tool for Certificate Authorities

AWS KMS can technically sign with asymmetric keys, but it speaks REST — not PKCS#11. For PKI workloads that need HSM-backed signing, key export, and multi-tenant isolation, CloudHSM's Crypto User model gives you partition-equivalent isolation without legacy constraints.

04 Jun 2026·20 MIN READ Read →

Cloud

When Your Keys Get Locked In: Navigating AWS KMS Import Limitations

AWS KMS doesn't allow key material export by design. When an external PKI partner generates keys but doesn't retain them, you're stuck. Here are the four AWS alternatives — CloudHSM, XKS, Private CA, and fixing the process — with a decision framework to pick the right one.

05 Mar 2026·14 MIN READ Read →

Back to Blog