Capabilities
While most settings in the Control Panel are saved in the Control Panel's database,
Capabilities are stored in the Application Api's database. As a result, the Application Api must be deployed and healthy
before this screen will work.
A Capability is an optional feature of the application that can be turned on or off.
Toggle the features on or off on this screen and click Save to commit the settings to the Application Api.
The
Use Hardware Security Module setting determines whether the application is protected by a Hardware Security Module.
When this is on, an additional encryption algorithm that uses a Bootstrap Key will be used throughout Arch for all of its sensitive data.
The Bootstrap Key is stored only on the Hardware Security Module (HSM).
Additionally, the application will start in a Sealed state where it will be non-functional until it is Unsealed.
A Sealed application can only be Unsealed by an authenticated remote call from the Control Panel to the Application Api's HSM to retrieve the Bootstrap Key.
The Bootstrap Key is not delivered back to the Control Panel, but is kept encrypted in-memory throughout Arch once it is Unsealed.
Should the Bootstrap Key ever be unretrievable or lost, it will be impossible to access the data in Arch.
Only the
YubHSM 2 v2.4 is supported at this time.
