Service Snapshots
This section contains instructions on configuring and using your Luna Cloud HSM Service Snapshot UI. The Luna Cloud HSM Service allows users to create and restore service snapshots. In addition to user-created snapshots, a system snapshot is created daily and stored for a period of seven days. A service snapshot is a complete capture of the state of the Luna Cloud HSM Service. It includes any objects, keys, and certificates stored on the partition, as well as the current state of credentials for initialized users on the partition (Security Officer, Crypto Officer, Crypto User).
Use cases for restoring partition snapshots include:
- Zeroized partition as a result of failed login attempts.
- An invalid object created on the partition renders it inoperable.
- Accidental key deletion.
- User credentials were rotated and the new credentials were not captured properly.
Creating a Snapshot
- After creating a Luna Cloud HSM Service, the "Snapshots" tab can be found next to the "Credentials" tab.
- To create a snapshot, select "Capture Snapshot" and enter the desired snapshot name.
- User snapshots have a fixed, non-configurable expiry of three months.
- Users can create a maximum of three user snapshots.
- Automatic system snapshots do not count towards this quota.
Note
- Snapshot names can only contain alphanumeric characters, underscores and dashes.
- Duplicate user snapshot names are not allowed.
- A system snapshot is taken every day, with an expiry of one week. The format of the snapshot name is "SYSTEM_SNAPSHOT_MMDDYYYY".
The following is an example of the audit logs generated from the "Capture Snapshot" selection:
{"time":"2025-03-31 21:35:35.765561 UTC",
"source":"thales/cloudhsm/1441770948972",
"resourceID":"4e6853a2-7445-47bf-a32d-485f3d088fc6",
"actorID":"00ba9760-f396-46d7-9ec8-214067f10bdc",
"tenantID":"762acd2b-5497-468e-b36b-1ad75f881559",
"action":"CREATE_SNAPSHOT",
"status":"SUCCESS",
"traceID":"401e6b5b314a",
"meta":"{\"partid\": \"1441770948972\", \"name\": \"SYSTEM_SNAPSHOT_03312025\", \"type\": \"system\", \"ouids\": [\"152a000063000004e8720900\", \"162a000063000004e8720900\"], \"expiry\": \"2025-04-07T21:35:35.764674+00:00Z\"}"}
Deleting a Snapshot
- Select the action dropdown arrow on the far right of a snapshot and choose "Delete". The user will be prompted to confirm.
Note
- When the limit is reached, the user will need to delete a user snapshot in order to create another user snapshot.
The following is an example of the audit logs generated from the "Delete" selection:
{"time":"2025-03-31 21:35:40.873504 UTC",
"source":"thales/cloudhsm/1441770948972",
"resourceID":"4e6853a2-7445-47bf-a32d-485f3d088fc6",
"actorID":"00ba9760-f396-46d7-9ec8-214067f10bdc",
"tenantID":"762acd2b-5497-468e-b36b-1ad75f881559",
"action":"DELETE_SNAPSHOT",
"status":"SUCCESS",
"traceID":"0d68181bf509",
"meta":"{\"partid\": \"1441770948972\", \"name\": \"snapshot_ouids\", \"type\": \"restore_point\"}"}
Restoring a Snapshot
- Select the action dropdown arrow on the far right of a snapshot and choose "Restore". The user will be prompted to confirm.
Note
- Restoring a snapshot will revert the partition's state to the state when the snapshot was taken.
- A system snapshot will be taken before the restore starts and will use the "SYSTEM_SNAPSHOT_MMDDYYYY" naming format.
The following is an example of the audit logs generated from the "Restore" selection:
{"time":"2025-03-31 21:35:35.820616 UTC",
"source":"thales/cloudhsm/1441770948972",
"resourceID":"4e6853a2-7445-47bf-a32d-485f3d088fc6",
"actorID":"00ba9760-f396-46d7-9ec8-214067f10bdc",
"tenantID":"762acd2b-5497-468e-b36b-1ad75f881559",
"action":"RESTORE_SNAPSHOT",
"status":"SUCCESS",
"traceID":"401e6b5b314a",
"meta":"{\"partid\": \"1441770948972\", \"name\": \"snapshot_ouids\", \"type\": \"user\", \"ouids\": [\"152a000063000004e8720900\", \"162a000063000004e8720900\"]}"}
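One way to review these audit records for restores and deletions, added here as an example and not taken from the product or its documentation: it decodes the nested "meta" string and pairs each restore with the system snapshot created under the same "traceID", as the CREATE_SNAPSHOT and RESTORE_SNAPSHOT examples above share one. Treating a shared "traceID" as the link is an assumption drawn from those examples, and the function names are hypothetical.

```python
import json
from collections import defaultdict

# The page's three audit examples in time order, trimmed to the fields used below.
SAMPLE = [
    r'{"time":"2025-03-31 21:35:35.765561 UTC","actorID":"00ba9760-f396-46d7-9ec8-214067f10bdc","action":"CREATE_SNAPSHOT","status":"SUCCESS","traceID":"401e6b5b314a","meta":"{\"partid\": \"1441770948972\", \"name\": \"SYSTEM_SNAPSHOT_03312025\", \"type\": \"system\"}"}',
    r'{"time":"2025-03-31 21:35:35.820616 UTC","actorID":"00ba9760-f396-46d7-9ec8-214067f10bdc","action":"RESTORE_SNAPSHOT","status":"SUCCESS","traceID":"401e6b5b314a","meta":"{\"partid\": \"1441770948972\", \"name\": \"snapshot_ouids\", \"type\": \"user\"}"}',
    r'{"time":"2025-03-31 21:35:40.873504 UTC","actorID":"00ba9760-f396-46d7-9ec8-214067f10bdc","action":"DELETE_SNAPSHOT","status":"SUCCESS","traceID":"0d68181bf509","meta":"{\"partid\": \"1441770948972\", \"name\": \"snapshot_ouids\", \"type\": \"restore_point\"}"}',
]


def parse_event(line):
    """Decode one audit record; "meta" is a JSON document carried as a string."""
    rec = json.loads(line)
    rec["meta"] = json.loads(rec.get("meta") or "{}")
    return rec


def review_snapshot_events(lines):
    """Report restores and deletions; pair each restore with its pre-restore snapshot."""
    events = [parse_event(line) for line in lines if line.strip()]
    system_by_trace = defaultdict(list)
    for ev in events:
        if ev.get("action") == "CREATE_SNAPSHOT" and ev["meta"].get("type") == "system":
            system_by_trace[ev.get("traceID")].append(ev["meta"].get("name"))
    findings = []
    for ev in events:
        if ev.get("action") not in ("RESTORE_SNAPSHOT", "DELETE_SNAPSHOT"):
            continue
        pre = system_by_trace.get(ev.get("traceID"), [])
        findings.append({
            "time": ev.get("time"), "action": ev["action"], "status": ev.get("status"),
            "actor": ev.get("actorID"), "partition": ev["meta"].get("partid"),
            "snapshot": ev["meta"].get("name"),
            # Assumption: a shared traceID links a restore to its automatic snapshot.
            "pre_restore_snapshot": pre[0] if pre and ev["action"] == "RESTORE_SNAPSHOT" else None,
        })
    return findings


if __name__ == "__main__":
    for finding in review_snapshot_events(SAMPLE):
        print(json.dumps(finding))
```

Because a restore reverts keys and user credentials to the snapshot's state, each finding keeps the actor, partition and snapshot name so the event can be matched against an approved change.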