Skip to main content
Perform the following tasks described in this section to configure the Futurex PKCS #11 library with BeyondTrust Password Safe:
  1. Add an HSM credential to BeyondInsight.
  2. Check HSM Encryption within the Beyond Insight Logs.

Add an HSM credential

Perform the following steps to add an HSM Credential to BeyondInsight:
1
Log in to the BeyondInsight server that you configured to access the HSM.
2
To open the BeyondInsight Configuration Tool, select Start> Apps> eEye Digital Security > BeyondInsight Configuration.
3
If a User Account Control window appears, select [ Yes ] to continue.
4
In BeyondInsight configuration, select [ Configure HSM Credentials ].
5
In the Configure HSM Credentials window, select Edit> Add New HSM Credential.
6
Enter the HSM Details:
  • Path: Enter the path to the fxpkcs11.dll file, such as C:\Program Files\Futurex\fxpkcs11\fxpkcs11.dll.
  • Slot: Select Futurex (0) from the drop-down menu.
  • Key Name: Because you identify HSM keys by labels, you must provide a unique name for each key to associate encrypted credentials with the key used to encrypt and decrypt them. Use any unique key name.
  • Description: This provides information about the key for display purposes only.
  • PIN: The password for the application partition credentials you configured in the Futurex HSM for use by BeyondInsight or Password Safe.
7
Select [ Save ].
8
Select [ Test Active Credential ].
An HSM connection successful message displays if the connection is successful.

Check HSM encryption

You can track the HSM encryption by opening the BeyondInsight logs in C:\Program Files (x86)\eEye Digital Security\Retina CS\Logs\. When you open the webconsole_passwordsafe[date].log file, you should see something similar to the following example:
None
2024-04-15 15:18:10.372 +02:00 [Information] (15) (5502c282-ecf8-4186-851d-0a6f16904015) api/ps/configuration/functional-accounts CreateFunctionalAccount -4- eEye.RetinaCS.SimpleDataAccess.CredentialDataAccess Attempting to connect to HSM.  Driver 32: C:\Program Files\Futurex\fxpkcs11\x64\fxpkcs11.dll, Driver 64: C:\Program Files\Futurex\fxpkcs11\x64\fxpkcs11.dll, Slot: 0
2024-04-15 15:18:10.372 +02:00 [Information] (15) (5502c282-ecf8-4186-851d-0a6f16904015) api/ps/configuration/functional-accounts CreateFunctionalAccount -4- BeyondInsight.HsmAdapter.HSM Using Multi threaded hsm
2024-04-15 15:18:15.622 +02:00 [Information] (15) (5502c282-ecf8-4186-851d-0a6f16904015) api/ps/configuration/functional-accounts CreateFunctionalAccount -4- eEye.RetinaCS.SimpleDataAccess.CredentialDataAccess Successfully connected to HSM: FxPKCS11
2024-04-15 15:18:15.622 +02:00 [Debug] (15) (5502c282-ecf8-4186-851d-0a6f16904015) api/ps/configuration/functional-accounts CreateFunctionalAccount -4- BeyondInsight.HsmAdapter.HSM HSM: Open New Session
2024-04-15 15:18:16.513 +02:00 [Debug] (15) (5502c282-ecf8-4186-851d-0a6f16904015) api/ps/configuration/functional-accounts CreateFunctionalAccount -4- BeyondInsight.HsmAdapter.HSM HSM: Login Session
2024-04-15 15:18:20.576 +02:00 [Debug] (15) (5502c282-ecf8-4186-851d-0a6f16904015) api/ps/configuration/functional-accounts CreateFunctionalAccount -4- BeyondInsight.HsmAdapter.HSM HSM: preform action
2024-04-15 15:18:20.764 +02:00 [Information] (15) (5502c282-ecf8-4186-851d-0a6f16904015) api/ps/configuration/functional-accounts CreateFunctionalAccount -4- eEye.RetinaCS.SimpleDataAccess.CredentialDataAccess Encrypting with HSM: FxPKCS11
2024-04-15 15:18:20.920 +02:00 [Debug] (15) (5502c282-ecf8-4186-851d-0a6f16904015) api/ps/configuration/functional-accounts CreateFunctionalAccount -4- BeyondInsight.HsmAdapter.HSM HSM: preform action
2024-04-15 15:18:21.310 +02:00 [Information] (15) (5502c282-ecf8-4186-851d-0a6f16904015) api/ps/configuration/functional-accounts CreateFunctionalAccount -4- eEye.RetinaCS.SimpleDataAccess.CredentialDataAccess Encryption succeeded with HSM