HSM Roles

To maintain strong separation of duties and reduce insider risk, Secubit enforces role-based access control (RBAC) within its Hardware Security Modules (HSMs). Each role has clearly defined responsibilities, with access restricted by physical tokens and secure PIN entry on dedicated hardware keypads. No single operator can bypass these controls, and sensitive tasks require explicit authorization from the appropriate role.

Security Officers are responsible for establishing the security perimeter within the HSM. They create secure partitions, configure access and key policies, and approve firmware or custom extension updates. This role defines the overall trust boundary of the HSM.

Crypto Officers manage cryptographic material. They generate keys, securely replicate them to offline backup HSMs during key ceremonies, perform key recovery when authorized, and approve signing of firmware extensions or customization modules.

Crypto Users interact with the service layer by generating authentication credentials, such as strong passwords, used by applications or services to request cryptographic operations from the HSM.

Audit Users are dedicated to accountability and compliance. They configure secure audit logging and are the only role permitted to retrieve logs from the HSM. This ensures that all security events and administrative actions remain tamper-proof and independently reviewable.

Domain Users establish and maintain trust domains between online and offline HSMs. When HSMs belong to the same domain, they can securely transfer encrypted key material (for backup or restore) under domain keys, ensuring that secrets never leave hardware unprotected.

All of these roles are tied to physical USB security tokens and PIN entry devices, requiring operators to present their assigned token and enter their PIN on a dedicated hardware pad. This prevents credential sharing, enforces multi-factor authentication, and provides cryptographic proof of operator presence for every critical action. All operations performed by these roles on the HSM take place within official, recorded ceremonies, ensuring full accountability and an auditable trail for every sensitive action.