Prerequisites
In this guide, we use Ubuntu 22 (amd64). For other operating systems and Linux distributions, please refer to the referenced guides.
Before starting the process of integrating the Securosys CloudHSM or on-premises Primus HSM with the Securosys Docker Image Encryption Plugin, please meet all the necessary prerequisites listed here. Also, ensure you have access to the Securosys Support Portal.
Skopeo does not support Windows operating systems. For more information on supported operating systems for Skopeo, see the Skopeo GitHub project.
Installed and configured Transaction Security Broker (TSB)
Ensure that you have access to a Transaction Security Broker that is installed, configured, and updated to:
- TSB Software v.1.16.1 or higher.
TSB is available both on-premises and as a service with CloudHSM. For more information on how to install and configure TSB on-premises, follow the Securosys TSB On-Prem Installation Guide.
You can download the Securosys TSB Software from the Securosys Support Portal.
Configured Securosys Primus HSM
If you have configured the TSB with on-premises Primus HSM security architecture, ensure that the Primus HSM is updated to the following firmware:
- Primus HSM Firmware v2.8.21, v2.11 or higher.
You can download the Securosys Primus HSM firmware from the Securosys Support Portal (account required).
In the CloudHSM Economy (ECO) and Sandbox (SBX) services, this requirement is met and therefore no additional action is required.
This guide does not cover the initial setup of the Primus HSM. Follow the procedures outlined in Primus HSM device setup with wizard 2.11+. Ensure that the settings align with the TSB requirements as specified in Primus HSM device configuration for TSB.
Required Licenses from Securosys
According to your security architecture, you will require the following licenses:
- On-premises HSM
  - With Multi-Authorization Workflow:
    - TSB Server Software License
    - Primus HSM with:
      - Attestation License
      - Smart Key Attributes (SKA) License
  - Without Multi-Authorization Workflow:
    - TSB Server Software License
    - Primus HSM with:
      - Attestation License
- Cloud HSM
  - With Multi-Authorization Workflow:
    - TSB Server as a Service ECO, or
    - TSB Server as a Service SBX
  - Without Multi-Authorization Workflow:
    - CloudHSM Economy (ECO) and CloudHSM RESTful API ECO, or
    - CloudHSM Sandbox (SBX) and CloudHSM RESTful API SBX
CloudHSM TSBaaS is bound to CloudHSM Economy (ECO) or Sandbox (SBX) services.
Docker installation
Before proceeding, ensure that Docker is installed and running on your system.
If Docker is not yet installed, follow the Install Docker Engine on Ubuntu guide.
For Docker installation on other operating systems, see Get Docker.
On some occasions, commands may require root permissions. Your system and Docker user permissions should be configured beforehand to avoid any potential permission issues.