Virtual Hardware Security Module

v1.4.4-1

Overview

Description

enclaive vHSM — Virtual Hardware Security Module

enclaive vHSM is a software-defined HSM that runs inside confidential-computing enclaves. It keeps keys and crypto operations isolated from the host, supports Bring-Your-Own-Key (BYOK), Hold-Your-Own-Key (HYOK) and delivers HSM-grade protection with cloud agility and scale. It’s built for multi-cloud/Kubernetes environments and designed to plug into existing tooling via standard interfaces.

Highlights

Enclave-backed security: Keys are generated, stored, and used only inside a hardware-isolated TEE; remote attestation can gate secret release and workloads.
Sealed, redundant storage: Encrypted key material is sealed to the enclave and can be replicated for high availability.
Standards-based interfaces: PKCS#11 compatibility for drop-in integration with libraries, apps, and middleware.
Crypto agility: Support for classical (e.g., RSA, EC) and PQ-ready (e.g., Kyber, Dilithium) suites to align with NIST/BSI guidance.
Cloud-native operations: Auto-healing clusters, quick rollout across servers, datacenters, and providers.

Where it runs

vHSM is built for confidential-computing environments on major clouds and Openshift platforms.

Common use cases

BYOK, HYOK and key management for cloud workloads
Attested secret provisioning for apps and data services
Key offload for databases, API gateways, CI/CD pipelines
Code/Container-signing keys safeguarded in enclave

Products using this container

enclaive vHSM

enclaive vHSM (Virtual Hardware Security Module) is a software-based security solution.

Containerized application

Security

Technical information

General information

The following information was extracted from the containerfile and other sources.

Summary	vHSM is a tool for securely accessing secrets.
Description	The Universal Base Image Minimal is a stripped down image that uses microdnf as a package manager. This base image is freely redistributable, but Red Hat only supports Red Hat technologies through subscriptions for Red Hat products. This image is maintained by Red Hat and updated regularly.
Provider	enclaive GmbH
Maintainer	vHSM Team <vhsm@enclaive.cloud>

Technical information

The following information was extracted from the containerfile and other sources.

Repository name	vHSM
Image version	v1.4.4-1
Architecture	amd64

Get this image

RegistryCopy to Clipboard

RepositoryCopy to Clipboard

Manifest List DigestCopy to Clipboard

Image DigestCopy to Clipboard

This certified image is distributed by a third party registry. Use the information above to pull the image or view pulling certified images from third party registries for more information.

Option A — Pull with Podman (recommended)

Pull the image:

podman pull quay.io/enclaive/vhsm:latest

Option B — Pull with Docker

Pull the image:

docker pull quay.io/enclaive/vhsm:latest

Option C — Use on OpenShift / Kubernetes

Reference the image in your workload:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: vhsm
spec:
  replicas: 1
  selector:
    matchLabels: { app: vhsm }
  template:
    metadata:
      labels: { app: vhsm }
    spec:
      containers:
        - name: vhsm
          image: quay.io/enclaive/vhsm:latest
          ports:
            - containerPort: 1234

enclaive vHSM — Virtual Hardware Security Module

Highlights

Enclave-backed security: Keys are generated, stored, and used only inside a hardware-isolated TEE; remote attestation can gate secret release and workloads.

Sealed, redundant storage: Encrypted key material is sealed to the enclave and can be replicated for high availability.

Standards-based interfaces: PKCS#11 compatibility for drop-in integration with libraries, apps, and middleware.

Crypto agility: Support for classical (e.g., RSA, EC) and PQ-ready (e.g., Kyber, Dilithium) suites to align with NIST/BSI guidance.

Cloud-native operations: Auto-healing clusters, quick rollout across servers, datacenters, and providers.

General information

The following information was extracted from the containerfile and other sources.

Summary	vHSM is a tool for securely accessing secrets.
Description	The Universal Base Image Minimal is a stripped down image that uses microdnf as a package manager. This base image is freely redistributable, but Red Hat only supports Red Hat technologies through subscriptions for Red Hat products. This image is maintained by Red Hat and updated regularly.
Provider	enclaive GmbH
Maintainer	vHSM Team <vhsm@enclaive.cloud>

Option C — Use on OpenShift / Kubernetes

Reference the image in your workload:

apiVersion: apps/v1 kind: Deployment metadata: name: vhsm spec: replicas: 1 selector: matchLabels: { app: vhsm } template: metadata: labels: { app: vhsm } spec: containers: - name: vhsm image: quay.io/enclaive/vhsm:latest ports: - containerPort: 1234

Description

enclaive vHSM — Virtual Hardware Security Module

Highlights

Where it runs

Common use cases

Products using this container

enclaive vHSM

Published

Release category

Size

Digest

General information

Technical information

Option A — Pull with Podman (recommended)

Option B — Pull with Docker

Option C — Use on OpenShift / Kubernetes

Platforms

Products & services

Try, buy, sell

Help

About Red Hat Ecosystem Catalog

Red Hat legal and privacy links

Red Hat legal and privacy links

Virtual Hardware Security Module

Description

enclaive vHSM — Virtual Hardware Security Module

Highlights

Where it runs

Common use cases

Products using this container

enclaive vHSM

Published

Release category

Size

Digest

General information

Technical information

Option A — Pull with Podman (recommended)

Option B — Pull with Docker

Option C — Use on OpenShift / Kubernetes