Hardware security module support
The hardware security module plugin is available as an additional option to a ConsenSys Quorum Support subscription.
The hardware security module plugin supports Luna hardware security modules (HSMs). This lets you store the node's keys in external hardware, for example to protect a validator node's key in an IBFT 2.0 network.
The Luna HSM plugin can only be used to store the node's public and private key file. The plugin cannot be used to store transaction signing keys.
Configure the HSM connection from the command line.
HSM monitoring
The Luna HSM plugin provides metrics to monitor the Hyperledger Besu and HSM connection. To configure monitoring, use the monitoring framework provided by Hyperledger Besu.
You can use Prometheus to access the following available Luna HSM metrics.
Metric name | Description |
---|---|
plus_luna_hsm_public_key_count | Number of requests for the public key |
plus_luna_hsm_reconnect_count | Number of Luna reconnection attempts |
plus_luna_hsm_signing_count | Number of signing requests |
plus_luna_hsm_signing_time | Time (in seconds) taken to perform signing |
plus_luna_hsm_key_agreement_time | Time (in seconds) taken to calculate an ECDH Key Agreement |
plus_luna_hsm_key_agreement_count | Number of ECDH Key Agreement calculations |
You must enable the LUNA_HSM metrics category to view the metrics.
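The following added example (not part of the plugin or the Besu documentation) shows one way to turn two consecutive Prometheus scrapes into findings about the HSM connection: reconnection attempts, a validator that has stopped signing, a counter reset, or metrics that are absent because the category is not enabled. It assumes the `*_count` metrics are monotonically increasing counters; the function names `parse_scrape` and `hsm_findings` are hypothetical, and the sample scrapes are constructed.

```python
import re

# Metric names come from the table above. Treating the *_count metrics as
# monotonically increasing counters is an assumption of this example.
RECONNECTS = "plus_luna_hsm_reconnect_count"
SIGNINGS = "plus_luna_hsm_signing_count"
SAMPLE_RE = re.compile(r"^([A-Za-z_:][A-Za-z0-9_:]*)(\{[^}]*\})?\s+(\S+)")

def parse_scrape(text):
    """Parse Prometheus text exposition into {metric name: summed value}."""
    values = {}
    for line in text.splitlines():
        match = SAMPLE_RE.match(line.strip())
        if not match:  # blank lines and '# HELP' / '# TYPE' comments
            continue
        try:
            value = float(match.group(3))
        except ValueError:
            continue
        values[match.group(1)] = values.get(match.group(1), 0.0) + value
    return values

def hsm_findings(previous, current):
    """Compare two parsed scrapes and list findings about the HSM connection."""
    missing = [name for name in (RECONNECTS, SIGNINGS) if name not in current]
    if missing:
        return [f"{name} not exported; is LUNA_HSM enabled?" for name in missing]
    prev_r, prev_s = previous.get(RECONNECTS, 0.0), previous.get(SIGNINGS, 0.0)
    cur_r, cur_s = current[RECONNECTS], current[SIGNINGS]
    findings = []
    if cur_r < prev_r or cur_s < prev_s:
        findings.append("counter reset: node restarted between scrapes")
        prev_r = prev_s = 0.0
    if cur_r > prev_r:
        findings.append(f"{int(cur_r - prev_r)} HSM reconnection attempt(s)")
    if cur_s == prev_s:
        findings.append("no signing requests between scrapes")
    return findings

# Constructed sample scrapes, not output from a real node.
SCRAPE_T0 = """# TYPE plus_luna_hsm_reconnect_count counter
plus_luna_hsm_reconnect_count 0
plus_luna_hsm_signing_count 120
"""
SCRAPE_T1 = """# TYPE plus_luna_hsm_reconnect_count counter
plus_luna_hsm_reconnect_count 2
plus_luna_hsm_signing_count 120
"""
```

With the constructed scrapes, `hsm_findings(parse_scrape(SCRAPE_T0), parse_scrape(SCRAPE_T1))` reports two reconnection attempts and no signing activity, the pattern to investigate on a validator whose key lives in the HSM.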