Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

The quorum category in CloudHSM CLI

Focus mode
The quorum category in CloudHSM CLI - AWS CloudHSM

In the CloudHSM CLI, quorum is a parent category for a group of commands that, when combined with quorum, creates a command specific to quorum authentication, or M of N operations. Currently, this category consists of the token-sign sub-category which consists of its own commands. Click the link below for details.

Admin Services: Quorum authentication is used for admin privileged services like creating users, deleting users, changing user passwords, setting quorum values, and deactivating quorum and MFA capabilities.

Crypto User Services: Quorum authentication is used for crypto-user privileged services associated with a specific key like signing with a key, sharing/unsharing a key, wrapping/unwrapping a key, and setting a key's attribute. The quorum value of an associated key is configured when the key is generated, imported, or unwrapped. The quorum value must be equal to or less than the number of users that the key is associated with, which includes users that the key is shared with and the key owner.

Each service type is further broken down into a qualifying service name, which contains a specific set of quorum supported service operations that can be performed.

Service name Service type Service operations
user Admin
  • user create

  • user delete

  • user change-password

  • user change-mfa

quorum Admin
  • quorum token-sign set-quorum-value

cluster1 Admin
  • cluster mtls register-trust-anchor

  • cluster mtls deregister-trust-anchor

  • cluster mtls set-enforcement

key-management Crypto User
  • key wrap

  • key unwrap

  • key share

  • key unshare

  • key set-attribute

key-usage Crypto User
  • key sign

[1] Cluster service is exclusively available on hsm2m.medium

Related topics

On this page

PrivacySite termsCookie preferences
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.