All the advantages of cloud-managed public key infrastructure without the need to trust a third party with the private keys for your certificate authority.
IoT-HSM is a lightweight appliance that is deployed to facilitate a persistent connection from your YubiKey to PKIaaS.io. After it's set up, all signing requests are forwarded from PKIaaS.io to your IoT-HSM to be signed by your YubiKey. All messages sent to and from the IoT-HSM are digitally signed and end-to-end encrypted using S/MIME.
Multiple IoT-HSM appliances can be deployed anywhere in the world to respond to signature requests. PKIaaS.io will automatically route requests to available appliances.
Multiple certificate authorities can coexist on the same appliance using one or more YubiKeys. IoT-HSM can use all of the available slots on the YubiKey to store many certificate authorities. Each will maintain an independent, persistent connection to PKIaaS.io.
All management is performed through an intuitive web interface. When used with YubiKey, no backups are necessary because all of the state is maintained within the YubiKey. A new appliance can be deployed at any time, and when the YubiKey is inserted, the appliance will automatically discover all certificate authorities and create persistent connections for each to PKIaaS.io.
A Docker container is available, but can only be used with SoftHSM2. It is recommended that the container-based IoT-HSM be deployed behind a reverse proxy.