AWS CloudHSM
User Guide

Windows AWS CloudHSM Prerequisites

Before you can start the Windows AWS CloudHSM client and use the KSP and CNG providers, you must set the required system environment variables. These variables identify an HSM and a crypto user (CU) for your Windows application. You can use the setx command to set system environment variables, or set permanent system environment variables programmatically or in the Advanced tab of the Windows System Properties Control Panel.

Set the following system environment variables:

n3fips_partition=HSM-ID

Identifies an HSM in your cluster. Because they are synchronized, you can specify any HSM in the cluster. To create an HSM, use CreateHsm. To find the HSM ID of an HSM, use DescribeClusters or choose a cluster in the AWS CloudHSM console.

For example:

setx /m n3fips_partition hsm-lgavqitns2a
n3fips_password=CU-username:CU-password

Identifies a crypto user (CU) in the HSM and provides all required login information. Your application authenticates and runs as this CU. The application has the permissions of this CU and can view and manage only the keys that the CU owns and shares. This CU must be available in the HSM specified by the n3fips_partition environment variable. To create a new CU, use createUser. To find existing CUs, use listUsers.

For example:

setx /m n3fips_password test_user:password123