Create and use keys in AWS CloudHSM

To get started creating and using keys in your new cluster, you must first create a hardware security module (HSM) user with CloudHSM Management Utility (CMU). For more information, see Understanding HSM User Management Tasks, Getting started with AWS CloudHSM Command Line Interface (CLI), and How to Manage HSM Users.

If using Client SDK 3, use CloudHSM Management Utility (CMU) instead of CloudHSM CLI.

With HSM users in place, you can log in to the HSM and create and use keys with any of the following options:

Use key management utility, a command line tool
Build a C application using the PKCS #11 library
Build a Java application using the JCE provider
Use the OpenSSL Dynamic Engine directly from the command line
Use the OpenSSL Dynamic Engine for TLS offload with NGINX and Apache web servers
Use the CNG and KSP providers to use AWS CloudHSM with Microsoft Windows Server Certificate Authority (CA)
Use the CNG and KSP providers to use AWS CloudHSM with Microsoft Sign Tool
Use the CNG and KSP providers for TLS offload with Internet Information Server (IIS) web server

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Setup mTLS (recommended)

Best practices