Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.futurex.com/llms.txt

Use this file to discover all available pages before exploring further.

This section offers a quick reference to key prerequisites and high-level implementation steps. For basic testing procedures for the integration, see Validate and test.

Pre-implementation

  • Install Ansible
  • Admin privileges on the HSM
  • Check OpenSSL version (v3.0 or newer)
  • Install dependencies
    • OpenSC (from source or with package manager under opensc)

Implementation

You can complete most tasks in this section by using either Excrypt Manager or FXCLI. The exception is the second option of task 7 (Create connection certificates for mutual authentication), for which you must use FXCLI.You can optionally complete steps 4 through 6 by using the Guardian Series 3 (see the applicable guide for configuring HSMs for PKCS #11 integrations by using the Guardian Series 3).
If you use a virtual HSM for the integration, you must connect to it over the network through FXCLI, the Excrypt Touch, or the Guardian Series 3.
  • Install Futurex PKCS #11 module (FXPKCS11)
  • Install Futurex Command Line Interface (FXCLI)
  • Configure Vectera
    • Connect to the HSM with a USB to enable Excrypt Manager or FXCLI
    • Confirm Command Primary Mode is General Purpose (GP), and PKCS #11 feature is enabled
    • Configure HSM’s network
    • Load FTK , PMK and BEK major keys
    • Configure the transaction processing connection
    • Create a new application partition for the integration
    • Create a new identity and give it access to the newly created application partition
    • Configure TLS with either server-side or mutual authentication
  • Edit FXPKCS11 configuration file
  • Install and configure pkcs11-provider

Post-implementation

  • Set up test environment
    • Generate a key pair in the HSM
    • Create a password file
    • Create a test .txt file with sample data
    • Copy encrypt.yml and decrypt.yml playbooks into the test directory
    • Create an inventory file
  • Run the example encrypt.yml and decrypt.yml playbooks to demonstrate the HSM’s role in Ansible Vault integration