
Create a CloudHSM Crypto User - SDK5

To create a CloudHSM crypto user, do the following:

  1. Set some environment variables so the CLI can be used without interactive mode:

    export CLOUDHSM_ROLE=admin
    export CLOUDHSM_PIN=admin:<PASSWORD>
  2. Create the users that will create keys. Each user can access and use only its own keys. Here is an example where we create three users that can only see the keys of the CA they own.

    Best practice is not to use the password flag on the CLI. It is shown here for example purposes, for scripting needs.

    # /opt/cloudhsm/bin/cloudhsm-cli user create --username ejbca_root --role crypto-user --password <PASSWORD>
    # /opt/cloudhsm/bin/cloudhsm-cli user create --username ejbca_issuing --role crypto-user --password <PASSWORD>
    # /opt/cloudhsm/bin/cloudhsm-cli user create --username ejbca_managementca --role crypto-user --password <PASSWORD>

  3. For more detailed user management, refer to the AWS CloudHSM documentation Managing HSM Users in AWS CloudHSM.
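The steps above can be wrapped so that no password appears in shell history or on a command line. This is an added example, not code from the original page or from AWS. The `read_secret` and `create_crypto_users` functions and the `CLOUDHSM_CLI` override variable are hypothetical names, and the sketch assumes `cloudhsm-cli user create` prompts for the new user's password when `--password` is omitted.

```shell
#!/bin/sh
# Added example. CLOUDHSM_CLI is a hypothetical override so the path can be changed.
CLOUDHSM_CLI="${CLOUDHSM_CLI:-/opt/cloudhsm/bin/cloudhsm-cli}"

# Read one line from stdin; on a terminal, turn echo off while typing.
read_secret() {
    if [ -t 0 ]; then
        trap 'stty echo; exit 1' INT TERM   # restore echo if interrupted
        stty -echo
        printf 'Admin password: ' >&2
    fi
    IFS= read -r _secret
    if [ -t 0 ]; then
        stty echo
        printf '\n' >&2
    fi
    printf '%s' "$_secret"
}

# Create one crypto-user per argument. The admin credentials are passed in
# the environment of each CLI call only and are never exported to the shell.
# --password is omitted on purpose (assumption: the CLI then prompts for it).
create_crypto_users() {
    admin_pw=$(read_secret) || return 1
    if [ -z "$admin_pw" ]; then
        echo "admin password is empty" >&2
        return 1
    fi
    failed=0
    for user in "$@"; do
        if ! CLOUDHSM_ROLE=admin CLOUDHSM_PIN="admin:$admin_pw" \
            "$CLOUDHSM_CLI" user create --username "$user" --role crypto-user
        then
            echo "user create failed for $user" >&2
            failed=1
        fi
    done
    unset admin_pw   # do not leave the secret in a shell variable
    return "$failed"
}

# Usage: create_crypto_users ejbca_root ejbca_issuing ejbca_managementca
```

Source the file and call the function from a terminal; each CLI invocation then asks for that user's password itself.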


