Organizations can add Thales Luna Network HSMs as a service available either to applications on the Tanzu Application Service or to Tanzu CredHub, using a TAS Java buildpack. Pivotal's work in integrating the Thales Luna Network HSM client via the Java buildpack removes much of the complexity of installing an HSM, and requires only that the developer correctly set up and register an HSM partition.
Integration Features: Thales Luna Network HSMs preserve the integrity of the certificates and secrets developers use to secure their applications and the Tanzu platform. Whether those secrets are used to sign transactions, identify an application, or secure a CredHub instance, HSMs serve as a trusted foundation for any cryptographic framework.
Key features for Thales Network HSMs include:
- Multiple roles for administration (e.g. Security Owner, Crypto Owner, Crypto User) to improve oversight
- Strong separation of duties ensures that application developers never have access to sensitive data in cleartext
- Partitioning and strong cryptographic separation allow for secure scalability
- Secure audit logging records all cryptographic changes and transactions to improve security and compliance reporting
- Multi-person M-of-N control with multi-factor authentication ensures that no single administrator can make changes or view cleartext data
- Over 20,000 ECC and 10,000 RSA operations per second for high-performance use cases
- The Luna utilization metrics (QoS) tool lets customers monitor and maintain continued encryption/decryption operations as applications run in production