Historically, sensitive cryptographic keys such as root private keys of public key infrastructures (“PKIs”) have been stored on hardware security modules (“HSMs”) that are maintained and operated in one or more off-line environments. The off-line environments are not connected to or in communication with any publicly accessible network. The sensitive cryptographic keys are broken into parts, and the parts are saved to multiple HSMs. Each of the multiple HSMs is stored in a different secure physical location such as a safe, safe deposit box, or vault. Although physical separation of the parts provides significant security for the cryptographic keys, it creates problems when trying to use the cryptographic keys to sign or decrypt data. In order to use the cryptographic keys, PKI administrators must physically retrieve the HSMs from the secure physical locations and conduct a ceremony in which the cryptographic keys on the HSMs are assembled and used. Such ceremonies are time-consuming, cumbersome, and expensive.