Secret Server can be configured to use SafeNet or Thales HSMs
The HSM is a hardware device that handles the encryption/decryption in hardware. As the HSM keys are stored within the hardware device itself, and never leave the device, use of a HSM increases the security of the encrypted data in Secret Server.
SafeNet and Thales HSMs are FIPS 140-2 certified and are typically used by government and military customers.
Secret Server does not require an HSM in order to function but it’s available as an option for environments that require the highest level of security. If you want to deploy Secret Server with a Safenet HSM please notify your Account Manager so they can provide pricing for the HSM hardware.