To encrypt password hashes using a HSM before storing them in the user database, use the following configuration entry points.
- MAIN SETTINGS >> Password Settings >> Password Service (or any other plugin referencing the plugin used for user password hashing)
- Replace the configured password hash plugin with the Encrypted Password Hash plugin.
Then configure the Encrypted Password Hash plugin as required. To use the HSM for encryption, configure a HSM Keystore plugin in Keystore property.