YubiHSM 2 Now Qualified for AWS IoT Greengrass Hardware Security Integration

We are excited to announce that Amazon Web Service (AWS) Internet of Things (IoT) Greengrass users can now use Yubico’s hardware security module, the YubiHSM 2, Yubico’s ultra-portable hardware security module, for secure key storage. AWS IoT Greengrass software provides local compute, messaging, and data caching for the IoT devices, enabling users to run IoT applications across the AWS cloud and local devices.

IoT is on the rise

The Internet of Things (2018) research report from Business Insider Intelligence predicts that there will be more than 55 billion IoT devices by 2025, up from about 9 billion in 2017. While reaping many advantages like increased efficiency and productivity, this rapid growth in adoption provides a new playground for malicious actors creating real challenges for security and privacy.

Connecting everything to the cloud creates the potential for a single point of failure, which is why protecting access to servers is of paramount importance. A prime threat to access is storing root keys for servers in software. Root keys stored in software can be stolen, accidentally distributed, or misused, and can potentially lead to catastrophic security breaches.

AWS IoT Greengrass supports a hardware root of trust

AWS IoT Greengrass enables customers to leverage a hardware root of trust, such as the YubiHSM 2, for private key storage, and end-to-end encryption for messages sent between AWS IoT Greengrass Core and the AWS cloud, as well as between the AWS IoT Greengrass Core and compatible local devices. This provides AWS IoT Greengrass customers with the option to configure their AWS IoT Greengrass Core to use the private keys generated and stored on the YubiHSM 2.

“Security and compliance are primary considerations for customers as they begin their respective cloud journeys. Organizations need true cloud visibility, which is the foundation of security and controls. The integration of YubiHSM 2 with AWS IoT Greengrass is a great example of a way for customers to have greater visibility into local compute, messaging, and data caching for the Internet of Things (IoT), ” said Troy Bertram, General Manager, Worldwide Public Sector Business Development, AWS. “The integration of YubiHSM 2 with AWS IoT Greengrass provides AWS customers with another avenue to maintain the strong hardware-backed security for cryptographic digital key generation, storage, and management.”

The YubiHSM 2 helps protect your keys

Since our initial launch of the YubiHSM 2 last year, many of our customers have approached us looking for a way to protect keys on servers. Complaints of traditional rack-mounted and card-based HSMs offering limited applicability at a significantly higher cost have led customers to our innovative alternative hardware security module. The YubiHSM 2 provides strong hardware-backed security for cryptographic digital key generation, storage, and management. The nano-sized YubiHSM 2 fits inside a server’s USB port and does not require additional hardware, significantly bringing down costs and simplifying the deployment process.

We’re excited for the collaboration with AWS IoT Greengrass. This announcement follows our recent release of our open source software development kit (SDK) for the YubiHSM 2. Now, more developers can rapidly integrate the YubiHSM 2’s capabilities into apps across a wider array of architectures and platforms. The YubiHSM 2 SDK enables developers to build products that communicate seamlessly with the YubiHSM 2 through the industry standard PKCS#11, and extend a range of high security functions and use cases for the greater protection of cryptographic keys.

The open source YubiHSM 2 SDK highlights Yubico’s commitment to transparency and trust. We continue to encourage the developer and security communities to join us in our mission to make strong hardware-backed security more accessible to organizations of all sizes.

Learn more about this new feature, and how AWS IoT Greengrass works with the YubiHSM 2. Want to integrate Yubico technology into your solution? Start here.

Talk to our teamTalk to our team

Share this article:


  • Cybersecurity in 2025 – part two: Insights and predictions from Yubico’s expertsIn part one of our 2025 cybersecurity predictions, we highlighted insights from our experts on the topic of passkeys, digital identity wallets and the threats of AI-driven phishing – areas that saw a lot of focus in 2024, and ones that we expect to continue being a major focus this year. If you missed our […]Read morecritical infrastructurefederal governmentfinancial servicespredictions
  • Cybersecurity in 2025: Insights and predictions from Yubico’s expertsWith 2024 behind us, we saw another challenging year in the world of cybersecurity – highlighted by new and evolving threats like Artificial Intelligence (AI)-driven phishing and increasingly sophisticated cyber attacks overall. Yubico’s September Global State of Authentication Survey confirmed the challenges, even underscoring the potential risks of these new threats. The report emphasized the […]Read moreAIdigital identity walletspasskeyspredictions
  • State of Global Authentic(age)ion: A look at cybersecurity habits by generationsNo generations were left untouched when it came to the threat of hackers in 2024: from the impact of political shakeups, to increasingly sophisticated cyber attacks targeting consumers, critical industries and infrastructures, the world was on high alert. Fueled by a dramatic increase in phishing attacks circumventing certain forms of legacy multi-factor authentication (MFA), as […]Read moreState of Global Authenticationsurvey
  • Yubico named finalists of German digital identity innovation competitionIn 2023, Yubico began collaborating on an exciting open standards identity project – wwWallet – to shape the future of digital identity across Europe and beyond. The project saw immediate success solving problems for global identity, and was submitted in the German SPRIN-D European Digital Identity (EUDI) Funke competition which aims to develop and test […]Read moreEU Digital Identity WalletEUDIwwWalet