Lab testing
HSM
Cryptography service with partition-aware access control
Cryptography service covering asymmetric, symmetric, hashing, and post-quantum operations with partition credential validation.
What ships on day one
- Service modules for RSA, ECDSA, SHA-2/SHA-3/SM3, AES, Curve25519/448, ML-DSA, and ML-KEM
- Partition id and secret validation hooks for request gating
- Clear service boundaries with reusable middleware for maintainable growth
Deployment choices
Deploy with Docker: create an HSM config JSON, mount it into the container, and start the image with --config.
- Self-hosted
Engineering blueprint
Cryptography services with a practical rollout path.
Crypto service coverage
- Supports RSA, ECDSA, SHA-2/SHA-3/SM3, AES, Curve25519/448, ML-DSA, and ML-KEM
- Service boundaries are clearly separated for stable integrations
- Modules can be evolved independently as the product grows
Access model
- Partition credentials and PMK derivation inputs are loaded from configuration
- Requests authenticate per partition with configurable auth mechanisms (basic header or OAuth2 ES512 bearer JWT)
- Sensitive key material is always returned encrypted under the partition's PMK
- Defaults are safe when no partition file is provided
Operational structure
- HSM runtime is stateless and keeps no key storage within the service boundary
- Middleware, service, and partition layers are separated for maintainability
- Runs as one deployable service with multiple cryptography capabilities
- Deploy with Docker by running the published image and mounting partition configuration
Service inventory
Clear service boundaries for each supported algorithm family.
Stateless runtime
No key database or key persistence exists inside the HSM boundary; clients store encrypted key envelopes.
Partition checks
Partition credentials can be validated before sensitive operations.
Config live reload
When started with configuration monitoring, HSM reloads valid partition updates at runtime.
Runtime logging
Structured service logs help operators trace startup and integration issues.
Operational readiness
Practical deployment readiness.
- Docker deployment path is straightforward with mounted configuration
- Configuration supports partition auth mechanism selection plus PMK component-key setup
- Modular service layout keeps future capability additions manageable
Next step
Ready to review your integration plan?
Email labs@titaniumguard.in to review service integration and rollout planning.