Best practices for securing Managed HSM
This article provides best practices for securing your Azure Key Vault Managed HSM key management system. For a full list of security recommendations, see the Azure Managed HSM security baseline.
Control access to your managed HSM
Managed HSM is a cloud service that safeguards cryptographic keys. Because these keys are sensitive and critical to your business, make sure that you secure your managed HSMs by allowing access only by authorized applications and users. Managed HSM access control provides an overview of the access model. It explains authentication, authorization, and role-based access control (RBAC).
To control access to your managed HSM:
- Create a Microsoft Entra security group for the HSM Administrators (instead of assigning the Administrator role to individuals) to prevent "administration lockout" if an individual account is deleted.
- Lock down access to your management groups, subscriptions, resource groups, and managed HSMs. Use Azure role-based access control (Azure RBAC) to control access to your management groups, subscriptions, and resource groups.
- Create per-key role assignments by using Managed HSM local RBAC.
- To maintain separation of duties, avoid assigning multiple roles to the same principals.
- Use the least-privilege access principle to assign roles.
- Create a custom role definition by using a precise set of permissions.
Create backups
Be sure that you create regular backups of your managed HSM.
You can create backups at the HSM level and for specific keys.
Turn on logging
Turn on logging for your HSM.
You also can set up alerts.
Turn on recovery options
Soft-delete is on by default. You can choose a retention period of between 7 and 90 days.
Turn on purge protection to prevent immediate permanent deletion of the HSM or keys.
When purge protection is on, a deleted managed HSM or key can't be purged; it remains in the deleted state until the retention period has ended.
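The following script is an added example, not part of the Microsoft article, that applies the practices above (group-based administration, a least-privilege custom role assigned per key, HSM-level and per-key backups, audit logging, and purge protection) to one Managed HSM with the Azure CLI. It assumes an existing, activated managed HSM and a storage account in the same subscription; every name, object ID, and SAS token is a placeholder taken from environment variables, and the data-action strings in the custom role are taken from the Managed HSM built-in role definitions (confirm them against `az keyvault role definition list --hsm-name <name>` before use).

```shell
#!/bin/sh
# Added example (not the article's own code): apply the Managed HSM best
# practices with the Azure CLI. Every value below is a placeholder supplied
# through environment variables; the HSM is assumed to exist and be activated.
set -eu

HSM_NAME="${HSM_NAME:-contoso-hsm}"              # placeholder HSM name
SA_NAME="${SA_NAME:-contosohsmlogs}"             # placeholder storage account (backups + logs)
BACKUP_CONTAINER="${BACKUP_CONTAINER:-hsm-backups}"
BACKUP_SAS="${BACKUP_SAS:-}"                     # container SAS token with write access; supply at run time
APP_OID="${APP_OID:-00000000-0000-0000-0000-000000000000}"  # placeholder object id of the signing app
KEY_NAME="${KEY_NAME:-app-signing-key}"          # placeholder key name

# Managed HSM local RBAC scope: "/" is the whole HSM, "/keys/<name>" a single key.
key_scope() { printf '/keys/%s' "$1"; }

# Custom role with a precise permission set: read key metadata, sign and verify.
# It deliberately omits key creation, deletion, export, wrap/unwrap and encrypt/decrypt.
signer_role_definition() {
  cat <<'EOF'
{
  "roleName": "HSM Signer Only",
  "description": "Read key metadata, sign and verify; no key management, export, or other crypto operations",
  "actions": [],
  "notActions": [],
  "dataActions": [
    "Microsoft.KeyVault/managedHsm/keys/read/action",
    "Microsoft.KeyVault/managedHsm/keys/sign/action",
    "Microsoft.KeyVault/managedHsm/keys/verify/action"
  ],
  "notDataActions": []
}
EOF
}

apply_best_practices() {
  # 1. Administration through a Microsoft Entra group, not individual accounts,
  #    so deleting one user account cannot lock everyone out.
  admin_group=$(az ad group create --display-name "HSM Administrators" \
      --mail-nickname hsm-admins --query id -o tsv)
  az keyvault role assignment create --hsm-name "$HSM_NAME" \
      --role "Managed HSM Administrator" --assignee "$admin_group" --scope "/"

  # 2. Least privilege: a custom role with exactly the needed data actions,
  #    assigned at the scope of one key rather than the whole HSM.
  az keyvault role definition create --hsm-name "$HSM_NAME" \
      --role-definition "$(signer_role_definition)"
  az keyvault role assignment create --hsm-name "$HSM_NAME" \
      --role "HSM Signer Only" --assignee "$APP_OID" --scope "$(key_scope "$KEY_NAME")"

  # 3. Backups: a full HSM backup to blob storage and a backup of one key.
  az keyvault backup start --hsm-name "$HSM_NAME" --storage-account-name "$SA_NAME" \
      --blob-container-name "$BACKUP_CONTAINER" --storage-container-SAS-token "$BACKUP_SAS"
  az keyvault key backup --hsm-name "$HSM_NAME" --name "$KEY_NAME" --file "$KEY_NAME.backup"

  # 4. Logging: send the HSM's AuditEvent logs to the storage account.
  hsm_id=$(az keyvault show --hsm-name "$HSM_NAME" --query id -o tsv)
  az monitor diagnostic-settings create --name hsm-audit --resource "$hsm_id" \
      --storage-account "$SA_NAME" --logs '[{"category":"AuditEvent","enabled":true}]'

  # 5. Recovery: purge protection keeps a deleted HSM or key recoverable until
  #    the soft-delete retention period (chosen with --retention-days at creation) ends.
  az keyvault update-hsm --hsm-name "$HSM_NAME" --enable-purge-protection true
}

# Only talk to Azure when a signed-in Azure CLI is available; the helper
# functions above can be used or tested without it.
if command -v az >/dev/null 2>&1 && az account show >/dev/null 2>&1; then
  apply_best_practices
fi
```

Run it with the placeholders overridden (`HSM_NAME=... APP_OID=... BACKUP_SAS=... sh apply-hsm-practices.sh`) as a principal that holds the Managed HSM Administrator role; the custom role is scoped to one key on purpose, so a second application key gets its own assignment rather than a broader scope.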