Cloud HSM
Introduction to HSM
A cloud Hardware Security Module (HSM) provides a good balance between security and accessibility. A cloud HSM can manage a SwissDLT private key and can be used seamlessly. As with a Ledger device, a key held in an HSM is never sent over the network or stored on disk: the key can never leave the hardware boundary, and all signing is performed within the HSM. To authenticate to the HSM, it's recommended to create a service principal account that has been granted access to sign with the managed keys. A cloud HSM can be a great option for managing vote signer keys, since you may want these keys to be portable while still maintaining good security practices.
You could use an Azure subscription to implement a cloud HSM solution. If you don't have an Azure subscription already, you can create a free trial here that starts with $200 credit. You can view the pricing for Elliptic Curve Cryptography (ECC) HSM keys here.