Maintaining the security of computer systems is a difficult problem. One way that computer systems are secured, is through the use of cryptography. Cryptographic systems rely on one or more cryptographic keys to protect information. In many situations the security of the cryptographic keys is paramount, because access to the cryptographic keys allows access to the data that is being protected. One way cryptographic keys can be secured is through the use of a Hardware Security Module (“HSM”). An HSM is a physical computing device that safeguards cryptographic keys by storing them within a tamper-resistant physical device. HSMs provide cryptographic key generation and storage, and perform cryptographic operations for authorized clients of the HSM. Some cryptographic keys, called session keys, are associated with a particular connection from a particular HSM client, and are deleted as a result of termination of the session. Token keys are cryptographic keys that persist on the HSM, and that can be used by multiple users and sessions. In general, the cryptographic keys are not exportable from the HSM in an unprotected form.
In large-scale computing environments, the demand for cryptographic operations may exceed the capabilities of a single HSM. To improve the performance of cryptographic operations, some HSMs provide acceleration of cryptographic operations. In distributed computing environments, multiple HSMs may be used to provide cryptographic functions to various servers and clients throughout the distributed environment. Maintaining a fleet of HSMs can be difficult, because the non-exportability of the cryptographic keys makes it difficult to maintain a collection of synchronized cryptographic keys across the fleet.