IoT-HSM
An affordable HSM built on Yubikey 5

You don't need to spend thousands of dollars on a Hardware Security Module (HSM) to secure the private keys for your certificate authorities. With IoT-HSM, you can use a Yubikey 5 managed and controlled entirely by you to secure your keys and sign certificates.

See the GitHub README for installation instructions.

Features

What you get with PKIaaS.io

A hardware security module (HSM) for only the cost of a Yubikey. Secure your private keys and sign certificates with a Yubikey 5 managed and controlled by you.

Enterprise-Grade HSM Security

Private keys are stored on a YubiKey 5 and all signing operations are performed on the YubiKey, so the private key is not exposed to the IoT-HSM host during normal operation. Note that FIPS 140-2 validation applies to the YubiKey 5 FIPS Series; the standard YubiKey 5 models are not FIPS validated, so choose the FIPS variant if you need a validated module.

No Backups Needed

There is no need to back up the IoT-HSM host itself, because the private keys live on the YubiKey 5 rather than on the host. If the IoT-HSM hardware fails, deploy a new IoT-HSM and plug in the same YubiKey to resume operations. This does not cover loss of the YubiKey: a key generated on the device cannot be exported, so if the YubiKey is lost or damaged the CA key is gone with it. If you need to survive that, import the same key into more than one YubiKey (see the high-availability deployment below) and protect the offline copy you import from.

Test With Docker

Use our Docker image to test IoT-HSM in a containerized environment. The Docker image does not support a YubiKey, but it lets you exercise IoT-HSM against a software HSM (SoftHSMv2) instead. Use it for functional testing only: keys in SoftHSMv2 are stored on disk inside the container, with none of the hardware protection a YubiKey provides.

Keys May Be Imported or Generated

IoT-HSM offers the option to either import an existing private key into the Yubikey or generate a new key on it. Only on-device generation guarantees that the private key never leaves the Yubikey; an imported key has already existed outside the device, so the source copy must be created and stored with the same care as the CA itself, or securely destroyed once the import is complete.

Scalable and Highly Available

Multiple IoT-HSM appliances can be deployed anywhere in the world for scalability and high availability. This requires the same private key to be imported into the Yubikey on each IoT-HSM, so a CA that must be highly available has to use an imported key rather than one generated on a Yubikey, and the copy used for import must be handled as a sensitive asset in its own right.

Multiple CA and Yubikey Support

Multiple slots on a single Yubikey can be provisioned to support multiple certificate authorities on PKIaaS.io. Multiple Yubikeys attached to the same device are also supported.