Hardware security module support

PegaSys Plus provides a plugin to support Luna hardware security modules (HSMs). This provides the ability to store the node’s keys in external hardware. For example, to protect a validator node’s key in an IBFT 2.0 network.

Important

The Luna HSM plugin can only be used to store the node’s public and private key file. The plugin cannot be used to store transaction signing keys.

Configure the HSM connection from the command line.

HSM monitoring

The Luna HSM plugin provides metrics to monitor the PegaSys Plus and HSM connection. To configure monitoring, use the monitoring framework provided by Hyperledger Besu.

You can use Prometheus to access the following available Luna HSM metrics.

Metric Name Description
plus_luna_hsm_public_key_count Number of requests for the public key
plus_luna_hsm_reconnect_count Number of Luna reconnection attempts
plus_luna_hsm_signing_count Number of signing requests
plus_luna_hsm_signing_time Time (seconds) taken to perform signing
plus_luna_hsm_key_agreement_time Time (seconds) taken to calculate a ECDH Key Agreement
plus_luna_hsm_key_agreement_count Number of ECDH Key Agreement calculations

Note

You must enable the LUNA_HSM metrics category to view the metrics.