Practice the vocabulary of performing a cryptographic operation without ever exposing the raw private key.
1 / 5
At standup, a dev mentions a dedicated, tamper-resistant hardware device that performs cryptographic operations without ever exposing the raw private key material outside the device. What is this device called?
A Hardware Security Module, or HSM, is a dedicated, tamper-resistant hardware device that performs a cryptographic operation, like signing, without ever exposing the raw private key material outside the device itself. A regular application server loading a private key into its own process memory exposes that key to anything capable of reading that server's memory. This never-exposed key material is what makes an HSM meaningfully more secure than storing and using a private key directly within an application's own runtime.
2 / 5
During a design review, the team wants a signing operation delegated entirely to the HSM, sending only the data to be signed and receiving back a signature, rather than ever loading the private key into the application itself. Which capability supports this?
Delegated signing performed inside the HSM sends only the data to be signed to the device and receives back a completed signature, so the private key itself never has to leave the device or ever touch the application's own memory. Loading the private key directly into the application's memory so that the application can perform the signing exposes that key to any process capable of reading that memory. This delegation is the core operational pattern that makes an HSM's protection meaningful in practice.
3 / 5
In a code review, a dev notices the HSM's configuration is described as tamper-resistant and tamper-evident, meaning a physical intrusion attempt either destroys the stored key material or leaves an unmistakable, detectable sign of tampering. What does this represent?
Tamper-resistant and tamper-evident hardware protection means a physical intrusion attempt against the HSM either destroys the stored key material outright or leaves an unmistakable, detectable sign that tampering was attempted. A software-only key store has no comparable physical protection, since anyone with access to the underlying disk or memory could potentially extract the key. This physical protection is a defining characteristic that distinguishes a genuine HSM from ordinary software-based key storage.
4 / 5
An incident report shows a service's signing private key was stolen after an attacker gained access to the application server's file system, because the key had been stored as a plain file loaded directly into the application at startup. What practice would prevent this?
Storing and using the signing key inside an HSM means the raw key material never exists as a file the application server's own file system can expose, since the device performs the signing operation itself and never releases the key. Continuing to store the key as a plain file on the application server is exactly what let it be stolen in this incident once an attacker gained file-system access. Using an HSM for a genuinely sensitive signing key is a standard mitigation once this class of key-theft risk has been identified.
5 / 5
During a PR review, a teammate asks why the team stores its signing key in an HSM instead of just keeping it as an environment variable that the application reads at startup. What is the reasoning?
An environment variable is readable by anything with access to the application's process, configuration store, or a crash dump that happened to capture it, exposing the raw key to a wide range of potential compromise. An HSM performs the signing operation itself and never exposes the raw key material at all, closing off that entire exposure surface. The tradeoff is the added cost and integration complexity of provisioning and calling out to a dedicated HSM instead of simply reading a local key value.