Azure Managed HSM integration
MarbleRun integrates with Azure Managed HSM. This feature lets you use an HSM key to encrypt the sealed data encryption key of the MarbleRun Coordinator, using the Secure Key Release (SKR) feature of Azure Managed HSM. SKR lets you define a policy that restricts use of an HSM key to applications that meet the policy’s attestation requirements.
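To illustrate the kind of check an SKR policy expresses, the following added example (not MarbleRun or Azure code) models policy evaluation over attestation claims in Python. The authority URL and claim values are constructed placeholders, the evaluator is a simplified model that skips token signature verification, and the policy that MarbleRun's setup instructions prescribe may differ.

```python
# Simplified model of Secure Key Release (SKR) policy evaluation.
# Not Azure's implementation: the real service verifies the attestation
# token's signature before it looks at any claim.
AUTHORITY = "https://attest.example.invalid"  # placeholder authority URL

# Constructed policy: release only to a non-debug enclave from one signer.
POLICY = {
    "version": "1.0.0",
    "anyOf": [{
        "authority": AUTHORITY,
        "allOf": [
            {"claim": "x-ms-sgx-mrsigner", "equals": "SIGNER_PLACEHOLDER"},
            {"claim": "x-ms-sgx-product-id", "equals": 3},
            {"claim": "x-ms-sgx-is-debuggable", "equals": False},
        ],
    }],
}

# Constructed attestation claims for three enclaves.
GOOD = {"iss": AUTHORITY, "x-ms-sgx-mrsigner": "SIGNER_PLACEHOLDER",
        "x-ms-sgx-product-id": 3, "x-ms-sgx-is-debuggable": False}
DEBUG = {**GOOD, "x-ms-sgx-is-debuggable": True}
OTHER_SIGNER = {**GOOD, "x-ms-sgx-mrsigner": "OTHER_PLACEHOLDER"}

def satisfies(node, claims):
    """Return True only if the attested claims meet this policy node."""
    if "claim" in node:
        if "equals" not in node or node["claim"] not in claims:
            return False
        value, want = claims[node["claim"]], node["equals"]
        # Compare types too, so that 0 never passes for False.
        return type(value) is type(want) and value == want
    if "authority" in node and claims.get("iss") != node["authority"]:
        return False
    results = []
    if "allOf" in node:
        results.append(bool(node["allOf"]) and all(satisfies(n, claims) for n in node["allOf"]))
    if "anyOf" in node:
        results.append(any(satisfies(n, claims) for n in node["anyOf"]))
    return bool(results) and all(results)  # fail closed on unknown nodes

def release_allowed(policy, claims):
    return policy.get("version") == "1.0.0" and satisfies(policy, claims)

if __name__ == "__main__":
    for name, c in [("good", GOOD), ("debug", DEBUG), ("other signer", OTHER_SIGNER)]:
        print(name, release_allowed(POLICY, c))
```

Only the enclave whose claims match every pinned value gets the key; the debug build, the enclave from another signer, and any malformed or empty policy are refused.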
To enable the feature for your MarbleRun deployment, enable the AzureHSMSealing feature gate in your manifest.
Follow the setup instructions to learn how to provision an Azure Managed HSM and configure it for use with MarbleRun.