Skip to content
You are reading Consensys Quorum Plugins development version documentation and some displayed features may not be available in the stable release. You can switch to stable version using the version box at screen bottom.

Hardware security module support


The hardware security module plugin is available as an additional option to a ConsenSys Quorum Support subscription.

The hardware security module plugin supports Luna hardware security modules (HSMs). This provides the ability to store the node’s keys in external hardware. For example, to protect a validator node’s key in an IBFT 2.0 network.


The Luna HSM plugin can only be used to store the node’s public and private key file. The plugin cannot be used to store transaction signing keys.

Configure the HSM connection from the command line.

HSM monitoring

The Luna HSM plugin provides metrics to monitor the Hyperledger Besu and HSM connection. To configure monitoring, use the monitoring framework provided by Hyperledger Besu.

You can use Prometheus to access the following available Luna HSM metrics.

Metric Name Description
plus_luna_hsm_public_key_count Number of requests for the public key
plus_luna_hsm_reconnect_count Number of Luna reconnection attempts
plus_luna_hsm_signing_count Number of signing requests
plus_luna_hsm_signing_time Time (seconds) taken to perform signing
plus_luna_hsm_key_agreement_time Time (seconds) taken to calculate a ECDH Key Agreement
plus_luna_hsm_key_agreement_count Number of ECDH Key Agreement calculations


You must enable the LUNA_HSM metrics category to view the metrics.

ConsenSys has acquired Quorum from J.P. Morgan. Please read the FAQ.
Questions or feedback? You can obtain paid professional support by ConsenSys at