@benjojo @zaire sometimes we have sensitive cryptographic keys and we worry the computer can be hacked and the keys could get stolen. So an HSM is a magic box that you can put the keys in to keep them safe and secure, except it's actually just another computer that we've convinced ourselves can never be hacked, unlike other computers which sometimes can. Also, now that the keys are secure, you need to authenticate yourself to the HSM to use them, and you do this by using another key that you store outside the HSM. Unless you can get another HSM to store that key in. It's HSMs all the way down, essentially