Skip to main content
The KMES Series 3 integration guides provide detailed technical documentation on integrating third-party applications with the Futurex KMES Series 3. These guides result from our rigorous certification process in which our Integration Engineering team thoroughly tests and validates each integration in a lab environment before certifying it for customer deployment. Each integration guide is specific to a particular third-party application and explains how to integrate those applications with the KMES Series 3 by using supported protocols such as PKCS #11, Microsoft CNG, JCE, OpenSSL Engine, KMIP, and more.
This guide assumes you have a solid technical understanding of the third-party applications, cryptographic concepts, and basic networking.

Futurex certification process

The Futurex certification process is a rigorous and standardized approach to testing and certifying integrations between third-party applications and Futurex HSMs and key management servers (such as KMES Series 3). The certification process ensures that we fully test and validate third-party application integrations in a lab environment before deploying them in a production environment. Our integration Engineering team implements this process so that you can be confident that third-party applications integrate seamlessly with Futurex HSMs and KMES Series 3 devices and that all operations result in the expected behavior. The certification process involves several steps, including research, testing, troubleshooting, and certification, and is fully documented in an integration guide for each integration. The full process includes the following steps:
  1. Research the third-party application to gain a general understanding of the solution and the protocol it uses to integrate with an HSM or KMS device (such as PKCS #11, Microsoft CNG, JCE, OpenSSL Engine, and KMIP).
  2. Determine the scope of the third-party application use of the HSM or KMS device, including the specific functionalities it uses (for example, data encryption, key protection, entropy, and so on).
  3. Install and configure the third-party application in a lab environment, where all testing and validation take place.
  4. Establish a connection between the third-party application and the Futurex device, which typically involves configuring TLS certificates and creating roles and identities that the third-party application uses to connect and authenticate to the Futurex device.
  5. Initiate a request from the third-party application to the Futurex device, such as generating keys or certificates, encrypting or decrypting data, or performing other cryptographic functions.
  6. If any errors occur during the testing process, the Integration Engineering team diagnoses the issues and takes necessary corrective actions. If necessary, the team also documents the errors by creating engineering change requests (ECRs) to ensure all issues are addressed and resolved before certification.
  7. After any necessary engineering changes have been made, the team performs a new end-to-end test to ensure that all errors are resolved and all operations are successful.
  8. Certify the integration by creating an integration guide that covers all necessary prerequisites, lists configurations required in both the third-party application and the Futurex device, and provides instructions to test functionality.
By following these steps, we ensure that the integration between the third-party application and the Futurex device is fully tested and validated and that we resolve any errors or issues before we certify the integration as fully supported.

Integration guide organization

The typical flow of our integration guides is as follows:
  1. Before you start: Covers supported hardware models, OS versions, third-party software, and other prerequisites.
  2. Configure the Futurex device: Provides detailed step-by-step instructions on setting up the HSM device for the integration. This includes network setup, loading major keys, configuring policies and permissions, and setting up authentication by using TLS certificates or shared secrets.
  3. Configure the third-party application: Shows how to configure the application to connect to the Futurex device and use its cryptographic functionalities.
  4. Test the integration: Provides test cases and expected results to validate that the integration works end-to-end for key use cases properly.
  5. Troubleshoot common issues: Offers tips for diagnosing and resolving common errors or issues seen with the integration.

Integration guides by application

A

Ansible Ansible Vault Apache HTTP Server AWS BYOK Azure BYOK

B

BIND Bitwarden

C

Curity Identity Server CyberArk Privileged Access

D

DigiCert

E

Encrypted File Transport External Key Migration

F

File encryption Futurex Offline Root CA Futurex Online Issuing CA

G

Generic Futurex PKCS #11 Generic KMIP Generic SCEP Google Cloud EKM (External Key Manager) Google Workspace Client-Side Encryption

H

HashiCorp Vault (Automatic Unseal, Seal Wrap, and Entropy Augmentation) HashiCorp Vault (Managed Keys) HashiCorp Vault (PKCS #12 Secret Export)

I

IBM Db2

J

Java Jarsigner Jenkins Code Signing

K

Key Labeling

M

Microsoft ADCS Microsoft AD RMS Microsoft Intune Microsoft SignTool Microsoft SQL Server MongoDB MySQL Enterprise TDE

N

NetApp ONTAP Nginx

O

OpenSSL Provider OpenVPN Access Server Oracle Database TDE

P

Pure Storage FlashArray

R

Red Hat Certificate System (RHCS)

S

SSH Key Offloading

T

TrueNAS

V

Venafi Adaptable CA CyberArk Trust Protection Foundation Versasec vSEC:CMS VMware vSphere

Z

Zettaset XCrypt Full Disk