Secrets management
BeyondTrust Password Safe
Configure FXPKCS11 library in BeyondTrust Password Safe
3min
perform the following tasks described in this section to configure the {{futurex}} pkcs #11 library with beyondtrust password safe add an hsm credential to beyondinsight check hsm encryption within the beyond insight logs add an hsm credential perform the following steps to add an hsm credential to beyondinsight log in to the beyondinsight server that you configured to access the hsm to open the beyondinsight configuration tool , select start > apps > eeye digital security > beyondinsight configuration if a user account control window appears, select \[ yes ] to continue in beyondinsight configuration , select \[ configure hsm credentials ] in the configure hsm credentials window, select edit > add new hsm credential enter the hsm details path enter the path to the fxpkcs11 dll file, such as c \program files\futurex\fxpkcs11\fxpkcs11 dll slot select futurex (0) from the drop down menu key name because you identify hsm keys by labels, you must provide a unique name for each key to associate encrypted credentials with the key used to encrypt and decrypt them use any unique key name description this provides information about the key for display purposes only pin copy and paste the pin contained within the \<crypto opr pass> tag in the {{fu}} pkcs #11 configuration file ( fxpkcs11 cfg ) select \[ save ] select \[ test active credential ] an hsm connection successful message displays if the connection is successful check hsm encryption you can track the hsm encryption by opening the beyondinsight logs in c \program files (x86)\eeye digital security\retina cs\logs\ when you open the webconsole passwordsafe\[date] log file, you should see something similar to the following example 2024 04 15 15 18 10 372 +02 00 \[information] (15) (5502c282 ecf8 4186 851d 0a6f16904015) api/ps/configuration/functional accounts createfunctionalaccount 4 eeye retinacs simpledataaccess credentialdataaccess attempting to connect to hsm driver 32 c \program files\futurex\fxpkcs11\x64\fxpkcs11 dll, driver 64 c \program files\futurex\fxpkcs11\x64\fxpkcs11 dll, slot 0 2024 04 15 15 18 10 372 +02 00 \[information] (15) (5502c282 ecf8 4186 851d 0a6f16904015) api/ps/configuration/functional accounts createfunctionalaccount 4 beyondinsight hsmadapter hsm using multi threaded hsm 2024 04 15 15 18 15 622 +02 00 \[information] (15) (5502c282 ecf8 4186 851d 0a6f16904015) api/ps/configuration/functional accounts createfunctionalaccount 4 eeye retinacs simpledataaccess credentialdataaccess successfully connected to hsm fxpkcs11 2024 04 15 15 18 15 622 +02 00 \[debug] (15) (5502c282 ecf8 4186 851d 0a6f16904015) api/ps/configuration/functional accounts createfunctionalaccount 4 beyondinsight hsmadapter hsm hsm open new session 2024 04 15 15 18 16 513 +02 00 \[debug] (15) (5502c282 ecf8 4186 851d 0a6f16904015) api/ps/configuration/functional accounts createfunctionalaccount 4 beyondinsight hsmadapter hsm hsm login session 2024 04 15 15 18 20 576 +02 00 \[debug] (15) (5502c282 ecf8 4186 851d 0a6f16904015) api/ps/configuration/functional accounts createfunctionalaccount 4 beyondinsight hsmadapter hsm hsm preform action 2024 04 15 15 18 20 764 +02 00 \[information] (15) (5502c282 ecf8 4186 851d 0a6f16904015) api/ps/configuration/functional accounts createfunctionalaccount 4 eeye retinacs simpledataaccess credentialdataaccess encrypting with hsm fxpkcs11 2024 04 15 15 18 20 920 +02 00 \[debug] (15) (5502c282 ecf8 4186 851d 0a6f16904015) api/ps/configuration/functional accounts createfunctionalaccount 4 beyondinsight hsmadapter hsm hsm preform action 2024 04 15 15 18 21 310 +02 00 \[information] (15) (5502c282 ecf8 4186 851d 0a6f16904015) api/ps/configuration/functional accounts createfunctionalaccount 4 eeye retinacs simpledataaccess credentialdataaccess encryption succeeded with hsm