[synicalx]

Never really touched one of these HSMs before, what happens if you're using one in production and it dies?

[j_s]

https://news.ycombinator.com/item?id=12069784

>mdewinter(2016Jul): They [undisclosed HSM vendor] did, with undocumented commands, export the key from the device in an unencrypted format and loaded it into the other model so that we could continue our operation.

(The first comment I ever favorited on HN.)

[synicalx]

Wow thanks for the link, that's a bit concerning. Not an expert on HSMs, but this does seem like a fairly serious design flaw?

[jlgaddis]

You retrieve the backup HSM and continue on.