What are hardware security modules (HSM), why we need them and how they work.

Great stuff explained very well!

You're doing an amazing job of making difficult concepts easier to understand for those of us just starting off our cyber careers. Many thanks.

This is phenomenal. I had the privilege of reading something similar, and it was absolutely phenomenal. "Mastering AWS: A Software Engineers Guide" by Nathan Vale

Again much appreciated your video! Just done my Security+ and I wish to learn so much more about HSM.

Very well presented, the perfect level of depth

It is what I'm looking for. Thank you

Excellent video thanks!

thanks for the explanation!

This was exactly what I was looking for. Thanks.

Such a great explanation 👏👏👏 . There is no such series for this. It would be great if you could make one Azure Managed HSM and how to implement it using terraform

Thanks for the easy explanation

This is great, thank you very much

Hi Adrian. Probably the best summary of how HSMs work from a high level. I currently perform staging/whitelisting of SQL Servers IP Addresses on nCipher RFS Servers. I understand the process pretty well, but, myself and other Engineers differ on how for instance, an nCipher HSM protects a SQL Server data encryption key (DEK). We are in meetings, and they all act like the SQL DEK is stored on the HSM. And my understanding in brief terms, goes like this: 1) SQL TDE DEK, is the key that encrypts the SQL Database file. 2) I stage the SQL Servers IP Addresses in both an HSM and RFS Config file (that the HSM will later call). 3) In order to integrate SQL Database Servers into nCipher HSM, they must first have the Entrust Security World software installed, and then the SQLEKM.dll I believe, via an Option Pack. 4) Once that's all setup, they will create some accounts, and an account that maps to the the SQLEKM.dll provider that's installed and setup on SQL Database. 5) ( THIS is where I need validation on how I think this truly works ): They will run some SQL queries to setup/create an Asymmetric Key, i.e. a call made to the SQLEKM Provider, which interfaces with the HSM. 6) The HSM Master key creates a KEK (Key Encryption Key) which is processed by the SQLEKM, and the KEK is used via the tdeLogin/tdeCredential while at the same time, being protected by the SQLEKM Provider in the Entrust (nShield or nCipher) HSM, to finally, encrypt the SQL TDE "DEK" or data encryption key, and hence, you have the HSM providing Key Management....Is my explanation somewhat close or am I off a bit? I really want to understand this process and be able to tell the guys at work, and per Entrusts documentation, that the TDEDEK Symmetric key is "created by the SQL Server and CANNOT be exported from the database, meaning it cannot be created or directly protected by the SQLEKM Provider (nShield or nCipher HSM). I'm hoping for a reply from you, and, am also hoping for more in-depth videos on Entrust (or other Vendor) HSMs and the in-depth ways the process truly works. Also interesting is it's use in PKI. That I would like to learn more as well. Thank you for your time!!

Thank you, great work!

Great video! Which playlist should I watch to continue the HSM learning?

Hey Adrian I just wanted to let you know that you have added HSM Pictures in tech fundamentals learning aid in associate solution architect cource GitHub repository . I was a bit confused when I found it while going through the learning aids and instantly came here to know what HSM means

Perfect 👍

Amazing explanation thanks a million! One thing here how we should integrate it with KMIP?

Lets say I want to store signing keys for the some tokens in HSM. Fist of all is this a good idea.? Second, if yes then does this not add latency to sign all tokens?

how to make a data vault on top of HSM for storing credentials??

So what are some vulnerabilities to having a HSM?

Does HSM store software keys?

Raspberi Pi's ??