Supported Hardware Security Modules (HSMs)

The following table lists the Hardware Security Modules (HSMs) supported for each EJBCA deployment type. Supported integration methods include the PKCS#11 interface and REST APIs.

HSM Type	Software stack	SaaS	Cloud	Software Appliance	Hardware Appliance	Container Set
Network HSMs integrated with REST APIs
AWS Key Management Service (KMS)	✔️ Doc link	✔️ Doc link	✔️ Doc link			✔️ Doc link
Azure Key Vault / MS Managed HSM	✔️ Doc link	✔️ Doc link	✔️ Doc link			✔️ Doc link
Fortanix Data Security Manager (DSM)	✔️ Doc link					✔️ Doc link
Securosys Primus HSM and CloudHSM Service	✔️ Doc link			✔️ Doc link	✔️	✔️ Doc link
Network HSMs integrated with PKCS#11
AWS CloudHSM	✔️ Doc link	✔️ Doc link	✔️ Doc link			✔️ Doc link
Bull TrustWay Proteccio	✔️ Doc link			✔️ Doc link	✔️	✔️ Doc link
Crypto4A QxHSM	✔️ Doc link
Entrust nShield Connect	✔️ Doc link			✔️ Doc link	✔️	✔️ Doc link
Thales DPoD	✔️ Doc link			✔️ Doc link	✔️	✔️ Doc link
Thales Luna 7	✔️ Doc link			✔️ Doc link	✔️	✔️ Doc link
Thales TCT	✔️ Doc link			✔️ Doc link	✔️	✔️ Doc link
Utimaco CryptoServer	✔️ Doc link			✔️ Doc link	✔️	✔️ Doc link
Utimaco u.trust Anchor	✔️ Doc link			✔️ Doc link	✔️	✔️ Doc link
Internal Hardware Appliance PCIe HSMs integrated with PKCS#11
Thales Luna PCIe	✔️				✔️ Doc link
Utimaco PCIe	✔️				✔️ Doc link
USB HSMs integrated with PKCS#11
Thales Luna USB				✔️