Share via

Changing Passwords in Azure Managed HSM

PS3 大南 勝/Ominami, Masaru (NTT DATA) 20 Reputation points
2025-08-08T07:49:48.78+00:00

Regarding Azure Managed HSM, we are using the C_Login function for access via PKCS#11.

However, we could not find documentation describing how to set or change the "username:password (PIN)" used in that function.

Could you please clarify the following:

Is changing the PIN using C_SetPIN supported?

We appreciate your confirmation on this matter.

Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments
Accepted answer
  1. Swaroop Kolli 3,345 Reputation points Microsoft External Staff Moderator
    2025-08-12T07:48:46.61+00:00

    Hello @PS3 大南 勝/Ominami, Masaru (NTT DATA),

    Unfortunately, Azure Managed HSM does not support C_SetPIN to change the PIN via the PKCS#11 interface.The PIN for user authentication is managed at the Azure Managed HSM resource level, not via PKCS#11 commands.

    The PKCS#11 interface provided by Azure Managed HSM supports a limited subset of functions, and C_SetPIN is not included in the supported list. Please find the list of functions below-

    https://github.com/microsoft/AzureManagedHsmTLSOffload?tab=readme-ov-file#supported-api-operations

    This means that you cannot programmatically change the PIN using C_SetPIN in Azure Managed HSM. If you need to update credentials, you would typically manage them through the Azure portal or CLI, depending on how your HSM users and roles are configured.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    You found this answer helpful.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.