Thales HSMs Protect Key Material. The Keys Still Exist.

by Nick Clark | Published March 28, 2026 | PDF

Thales Hardware Security Modules are widely regarded as the gold standard for cryptographic key protection: FIPS 140-2 Level 3 certified, tamper-resistant, with key generation and storage in dedicated hardware. Financial institutions, certificate authorities, and governments depend on Thales HSMs. But HSMs protect keys. They do not eliminate the need for keys. The key material still exists inside the HSM. It is extraordinarily well protected, but it is still stored material, and stored material is a target. The structural gap is between the best possible protection for a stored key and an identity model that does not require a stored key at all.

Thales HSMs provide genuine hardware-level security for the most critical cryptographic operations. The gap described here concerns the architectural assumption that identity requires stored key material; it is not a criticism of HSM quality.

Protecting the key is not eliminating the key

HSMs ensure that private keys never leave the secure hardware boundary in plaintext. Cryptographic operations happen inside the HSM, and applications work with key handles rather than key bytes, so the key material is never exposed to software. This is the strongest protection available for a stored key. But the key still exists inside the HSM: it was generated there, it is stored there, and every operation depends on it being there.

If the HSM is physically destroyed, the key is lost and the identity it protected is unrecoverable unless backup procedures have already duplicated the key to another HSM or backup device. The identity depends on the continued existence of key material, even when that material sits in the most protected environment available.

HSM clusters concentrate key authority

For availability, HSMs are deployed in clusters with replicated key material, and backups add further copies. The same key therefore exists in multiple physical devices, and each replica is a potential target: every copy added for availability enlarges the attack surface. Cluster management, key synchronization, and disaster recovery are complex operational challenges precisely because key material is a persistent artifact that must be kept consistent and protected everywhere it lives.
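The two points above, that a stored key must not be exportable and that every replica is another copy to protect, are the kind of thing an operator audits in a key inventory. The script below is an added example, not code from the author or from Thales. The inventory it walks is constructed for illustration, and the attribute names (CKA_TOKEN, CKA_SENSITIVE, CKA_EXTRACTABLE) are borrowed from PKCS#11, which is an assumption about how the records would be sourced; a real run would fill them from the HSM's PKCS#11 library or administrative tooling.

```python
"""Audit an HSM key inventory for two properties discussed in the text:
which stored keys could leave the hardware boundary, and how many
physical copies of each key exist across cluster members and backups.

The inventory below is constructed for this example. Attribute names
mirror PKCS#11 (CKA_TOKEN, CKA_SENSITIVE, CKA_EXTRACTABLE); in practice
the records would come from the HSM's PKCS#11 library or admin tooling.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class KeyRecord:
    device: str        # constructed device name: cluster member or backup token
    label: str         # CKA_LABEL
    key_class: str     # "private" or "secret" (CKO_PRIVATE_KEY / CKO_SECRET_KEY)
    token: bool        # CKA_TOKEN: persists across sessions, i.e. a stored key
    sensitive: bool    # CKA_SENSITIVE: plaintext value can never be read out
    extractable: bool  # CKA_EXTRACTABLE: value may be exported in wrapped form


# Constructed inventory: three cluster members plus one backup token.
INVENTORY = [
    KeyRecord("hsm-a", "ca-root-sign", "private", True, True, False),
    KeyRecord("hsm-b", "ca-root-sign", "private", True, True, False),
    KeyRecord("backup-1", "ca-root-sign", "private", True, True, False),
    KeyRecord("hsm-a", "tls-wrap", "secret", True, True, True),
    KeyRecord("hsm-b", "tls-wrap", "secret", True, True, True),
    KeyRecord("hsm-a", "ssh-signing", "private", True, True, False),
    KeyRecord("hsm-c", "kdf-scratch", "secret", False, True, False),
]


def stored_keys(records):
    """Only CKA_TOKEN keys are persistent artifacts; session keys vanish on logout."""
    return [r for r in records if r.token]


def boundary_violations(records):
    """Labels of stored private/secret keys whose attributes let the value leave
    the HSM: extractable (wrapped export permitted) or not marked sensitive."""
    bad = {
        r.label
        for r in stored_keys(records)
        if r.key_class in ("private", "secret") and (r.extractable or not r.sensitive)
    }
    return sorted(bad)


def copy_counts(records):
    """Distinct devices holding each stored key label. Every copy is a separate
    physical target, whether it lives on a cluster member or a backup token."""
    devices = defaultdict(set)
    for r in stored_keys(records):
        devices[r.label].add(r.device)
    return {label: len(devs) for label, devs in devices.items()}


def availability_gaps(records, min_copies=2):
    """Stored keys with fewer than min_copies copies: losing one device loses
    the key and every identity bound to it."""
    return sorted(label for label, n in copy_counts(records).items() if n < min_copies)


def audit(records, min_copies=2):
    """Summarise both tensions at once: too few copies risks the identity,
    every extra copy is another target."""
    counts = copy_counts(records)
    return {
        "boundary_violations": boundary_violations(records),
        "copy_counts": counts,
        "availability_gaps": availability_gaps(records, min_copies),
        "total_stored_copies": sum(counts.values()),
    }


if __name__ == "__main__":
    for name, value in audit(INVENTORY).items():
        print(f"{name}: {value}")
```

On the constructed inventory the audit flags `tls-wrap` as extractable, reports `ssh-signing` as a single-copy key that one destroyed device would erase, and counts six stored copies in total that all need the same level of protection. The `min_copies` floor is the availability requirement; the total is the attack surface, and the two pull in opposite directions for as long as the identity is a stored key.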

What keyless identity addresses

Keyless identity eliminates the need for stored key material entirely. Identity derives from accumulated behavioral continuity anchored in locally-sourced unpredictability. There is no key to protect because the identity primitive is not a key. It is a continuously evolving function of the device's own behavioral history.

HSMs could serve a role in generating locally-sourced entropy for keyless identity derivation, but the identity itself would not depend on persistent key material stored inside the HSM. The HSM would contribute to identity generation without being the container for identity.
