Skip to main content
This guide explains how to integrate BeyondTrust Password Safe with Futurex Hardware Security Module (HSM) devices. An HSM hardware device safeguards and manages digital cryptography keys for strong authentication and provides cryptographic processing functionality. The HSM takes over the key management, encryption, and decryption functionality for the stored credentials.

About BeyondTrust

BeyondTrust Password Safe is a comprehensive solution that manages and secures privileged passwords, sessions, and accounts across various platforms. It offers automated credential management, enabling organizations to automatically discover, onboard, and manage privileged accounts and rotate passwords. Enhanced session management features enable administrators to monitor and record privileged activities securely, ensuring operational transparency and compliance.

Password Safe HSM credential use

Password Safe conforms to the following standards:
  • Uses only one set of HSM credentials at a time to encrypt any stored credentials.
  • Always encrypts new or edited credentials using the latest stored set of HSM credentials.
  • Supports legacy HSM credentials. You can still access credentials encrypted with an older set of HSM credentials if you have not manually deleted the HSM credentials used to encrypt them.
  • Keeps archived HSM credentials in the Password Safe database until you manually delete them.

Guardian integration

The Guardian Series 3 introduces mission-critical viability to core cryptographic infrastructure, including:
  • Centralization of device management
  • Elimination of points of failure
  • Distribution of transaction loads
  • Group-specific function blocking
  • User-defined grouping systems
See the applicable guide in the Futurex Portal for configuring HSMs with the Guardian Series 3, including PKCS #11 and CNG configuration.