Thales HSM

Set up a Thales HSM record to allow us to use private keys stored in your HSM (Hardware Security Module) via the HSM API. Thales HSM is supported for Unix authenticated scanning. A Unix authentication record is also required.

Set up your HSM Record

Go to VM > Scans > Authentication and choose New > HSM. Then choose New > Thales. Provide details about where the private keys are stored in your Thales HSM.

QSAA Id - One or more QSAA appliances have been installed by Qualys in your environment. Choose the appliance you want to use for secure connections with this HSM.

Slot Type - Choose the appropriate slot type where the private keys reside: module, ocs, softcard.

Slot Name - Enter the slot name.

User PIN / Confirm User PIN -  Enter the HSM user PIN (HSM token password) when required by the HSM slot that you've selected.

Select HSM in your Unix Record

In your Unix authentication record, you'll need to select HSM as the private key mechanism and provide information about the target hosts you want to authenticate to.

What are the steps?

- Go to the Private Keys/Certificates tab in your Unix record and choose "Add Private Key/Certificate".

- Select HSM as the private key mechanism used to fetch the private key.

- Select the Thales HSM Record already created and enter the HSM label (the key name).

Learn more

How does it work?

Tell me about user permissions