Can the keystore be generated by a Hardware Security Module (HSM) and stored and managed by the HSM?

anonymous · November 18, 2019, 4:22am

I refer to https://docs.apigee.com/api-platform/system-administration/keystores-and-truststores

Where are the TLS keystores and truststores stored at? In Cassandra Database?
Are these keystores and truststores stored in a secure fashion where it is encrypted and hashed?
How can we further enhance the security of these private keys by storing in tamperproof memory?
Can the keystore be generated by a Hardware Security Module (HSM) and stored and managed by the HSM?
If none of the above, when will this be implemented in the roadmap?

Thank you.

Nathan Aw (Singapore)

dchiesa1 · November 18, 2019, 6:01pm

keystores and truststores are stored in an internal data system.

In the cloud, we don’t say what that is. In the on-premises (customer managed) installation of Apigee, that store is Cassandra. They are stored encrypted.

Support for HSM in the cloud is in the roadmap, but we have not announced availability dates for that.

anonymous · March 24, 2023, 5:12pm

Hello, does the HSM support for the keystore and truststore yet?

Topic		Replies	Views
Where the keys and certificate are stored in APIGEE Apigee api-runtime	2	9	January 30, 2018
Keystore Security Apigee api-runtime	3	15	July 24, 2021
Apigee with CloudHSM? Apigee api-runtime	2	6	January 28, 2020

Can the keystore be generated by a Hardware Security Module (HSM) and stored and managed by the HSM?

AI Suggested topics