Can the keystore be generated by a Hardware Security Module (HSM) and stored and managed by the HSM?

nathanaw

I refer to https://docs.apigee.com/api-platform/system-administration/keystores-and-truststores

  1. Where are the TLS keystores and truststores stored? In the Cassandra database?
  2. Are these keystores and truststores stored in a secure fashion, where they are encrypted and hashed?
  3. How can we further enhance the security of these private keys by storing them in tamperproof memory?
  4. Can the keystore be generated by a Hardware Security Module (HSM) and stored and managed by the HSM?
  5. If none of the above, when will this be implemented in the roadmap?

Thank you.

Nathan Aw (Singapore)

2 REPLIES

Keystores and truststores are stored in an internal data system.

In the cloud, we don't say what that is. In the on-premises (customer managed) installation of Apigee, that store is Cassandra. They are stored encrypted.

Support for HSM in the cloud is in the roadmap, but we have not announced availability dates for that.

Hello, is HSM supported for the keystore and truststore yet?