For the latest version, please use Certificate Lifecycle Manager 6.0.0!

Cloud-Based HSM Integration Capabilities

Overview

The MTG CLM platform supports flexible integration with Hardware Security Modules (HSMs), ensuring secure key storage and cryptographic operations across various deployment models.

In addition to supporting integrated HSM deployments, MTG CLM provides full support for external HSM integrations, including cloud-based HSM providers, to meet diverse customer environments and compliance requirements.

Cloud-Based HSM Support

MTG CLM is designed to interoperate with both on-premises and cloud-based HSM services using standard interfaces:

PKCS#11 Interface Support

MTG CLM natively supports the PKCS#11 standard for cryptographic operations, enabling secure and vendor-agnostic integration with a broad range of HSM solutions.

Azure Key Vault Managed HSM Integration

MTG CLM can be connected to Azure Key Vault Managed HSM instances via the PKCS#11 interface, allowing customers to centralize key storage within their Azure environment while maintaining full control over cryptographic operations.

AWS CloudHSM Integration

MTG CLM integrates with AWS CloudHSM using the PKCS#11 libraries provided by AWS. This enables key generation, storage, and cryptographic operations to be performed directly within the customer’s AWS CloudHSM environment.

Vendor-Agnostic Architecture

Thanks to its PKCS#11-based approach, MTG CLM remains vendor-independent and can integrate with any HSM that provides a compliant PKCS#11 interface.

Modular and Extensible Architecture

The architecture is fully modular, allowing:

  • Deployment across on-premises, private cloud, hybrid cloud, and public cloud environments.

  • Secure API-based integration for custom workflows and automation (application layer).

  • Flexibility to extend or migrate HSM usage without architectural changes.

  • Support for customer-specific key residency requirements to comply with jurisdictional, regulatory, or industry-specific standards (e.g., GDPR, eIDAS, BSI).

This design ensures that the system can easily adapt to evolving security, compliance, and operational needs.

Key Benefits

  • Regulatory Compliance: Supports compliance across different legal jurisdictions and industries.

  • Operational Flexibility: Leverages existing cloud infrastructure and customer-owned HSM resources.

  • High Availability Options: Supports both on-premises and cloud-based high availability and disaster recovery configurations.

  • Security Assurance: Utilizes FIPS 140-2 Level 3 validated HSMs for all cryptographic operations.

Summary

MTG CLM provides full support for cloud-based HSM integration via PKCS#11, enabling customers to build secure, scalable, and flexible PKI & CLM environments that align with their existing IT and compliance strategies.