Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

Preferences
Contact Us
Feedback
AWS Documentation
Create an AWS Account

AWS CloudHSM command line tools

PDF
RSS
Focus mode
AWS CloudHSM command line tools - AWS CloudHSM

In addition to the AWS Command Line Interface (AWS CLI) that you use for managing your AWS resources, AWS CloudHSM offers command-line tools for creating and managing hardware security module (HSM) users and keys on your HSMs. In AWS CloudHSM, you use the familiar CLI to manage your cluster, and the CloudHSM command-line tools to manage your HSM.

These are the various command-line tools:

To manage HSMs and clusters

CloudHSMv2 commands in AWS CLI and HSM2 PowerShell cmdlets in the AWSPowerShell module

To manage HSM users

CloudHSM CLI

  • Use CloudHSM CLI to create users, delete users, list users, change user passwords, and update user multi-factor authentication (MFA). It is not included in the AWS CloudHSM client software. For guidance on installing this tool, see Install and configure CloudHSM CLI.

Helper Tools

Two tools help you to use AWS CloudHSM tools and software libraries:

  • The configure tool updates your CloudHSM client configuration files. This allows AWS CloudHSM to synchronize the HSMs in a cluster.

    AWS CloudHSM offers two major versions, and Client SDK 5 is the latest. It offers a variety of advantages over Client SDK 3 (the previous series).

  • pkpspeed measures the performance of your HSM hardware independent of software libraries.

Tools for previous SDKs

Use the key management tool (KMU) create, delete, import, and export symmetric keys and asymmetric key pairs:

  • key_mgmt_util. This tool is included in the AWS CloudHSM client software.

Use the CloudHSM management tool (CMU) to create and delete HSM users, including implementing quorum authentication of user management tasks

The following topics further describe the command-line tools available for managing and using AWS CloudHSM.

Topics
PrivacySite termsCookie preferences
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.