Prerequisites
This symbol marks helpful or important information for setting up the Securosys Docker Signing Plugin.
This symbol means to be careful and obey all instructions. You might do something that could result in data loss.
Feature or action requires role activation using:
- Genesis Card
- Security Officer (SO) Cards 2 of n
Support Contacts
If you encounter a problem while installing/configuring the provider or integrating the HSM with the Securosys Docker Signing Notation plugin, make sure that you have read the referenced documentation. If you cannot resolve the issue, please contact Securosys Customer Support.
For more specific requests regarding the Securosys Docker Signing Notation plugin, please use the Securosys Support Portal.
Abbreviations
Acronym | Definition |
---|---|
API | Application Programming Interface |
CA | Certificate Authority |
CISO | Chief Information Security Officer |
CLI | Command Line Interface |
CloudHSM | HSM as a service, operated by Securosys. View more |
ECC | Elliptic-Curve Cryptography |
FIPS 140-2 | Federal Information Processing Standard 140-2 |
FW | Firmware |
HA | High Availability |
HSM | Hardware Security Module (physical or as a service) |
mTLS | Mutual Transport Layer Security |
RSA | Rivest-Shamir-Adleman asymmetric encryption algorithm |
SBX | CloudHSM HSM as a Service SBX (Sandbox) offering, pre-production/test environment. View more |
TSB | Transaction Security Broker (TSB), middleware to Primus HSM / CloudHSM providing REST API and multi-authorization (approval) workflow engine. TSB can be operated as workflow engine or solely as REST API, depending on Primus HSM or CloudHSM license / subscription |
ECO | CloudHSM HSM as a Service ECO (Economy) offering, production environment. View more |
Installed and configured Transaction Security Broker
Ensure that Transaction Security Broker (TSB) is installed, configured and updated to:
- TSB Software v.1.18.0 or higher.
Transaction Security Broker (TSB) is available both on-premises and as a service with CloudHSM. For more information on how to install and configure TSB on-premises, follow the Securosys TSB On-Prem Installation Guide.
You can download the Transaction Security Broker (TSB) from the Securosys Support Portal (account required).
Configured Securosys Primus HSM
If you have configured the TSB with on-premises Primus HSM security architecture, ensure that the Primus HSM is updated to the following firmware:
- Primus HSM Firmware v2.8.21, v2.11 or higher.
You can download the Securosys Primus HSM firmware from the Securosys Support Portal (account required).
In the CloudHSM ECO and SBX service this requirement is met and therefore no additional action is required.
Required Licenses from Securosys
Depending on your security architecture, you will require the following licenses:
On-premises Primus HSM installations:
With Multi-Authorization Workflow:
- Transaction Security Broker (TSB) Server Software License
- Primus HSM with:
  - Attestation License
  - Smart Key Attribute (SKA) License
Without Multi-Authorization Workflow:
- Transaction Security Broker (TSB) Server Software License
- Primus HSM with:
  - Attestation License
CloudHSM subscription: (CloudHSM TSBaaS is bound to CloudHSM ECO or SBX partition)
With Multi-Authorization Workflow:
- Transaction Security Broker (TSB) Server as a Service Economy (ECO), or
- Transaction Security Broker (TSB) Server as a Service Sandbox (SBX)
Without Multi-Authorization Workflow:
- CloudHSM Economy (ECO) and CloudHSM RESTful API ECO, or
- CloudHSM Sandbox (SBX) and CloudHSM RESTful API SBX
Docker installation
Before proceeding, ensure that Docker is installed and running on your system.
This guide uses Linux Ubuntu 22 (amd64). For other operating systems and Linux distributions, please refer to the referenced guides.
If Docker is not yet installed, please follow the Linux Ubuntu installation guide.
For Docker installation on other operating systems, please see this guide.