Locked in a vault.
Keys are an actual secret key (within the HSM), unknown to any human.
Two people with two different access cards have to be present to enable key operations.
So, you don't have to worry about changing keys as employees come and go, because no one knows the actual keys.
There is a whole structure of spare cards stored in offsite secure storage in case a card is damaged, lost, or stolen.
Card set one is stored separately from card set two.
Locked in a vault.
Keys are an actual secret key (within the HSM), unknown to any human.
Two people with two different access cards have to be present to enable key operations.
So, you don't have to worry about changing keys as employees come and go, because no one knows the actual keys.
There is a whole structure of spare cards stored in offsite secure storage in case a card is damaged, lost, or stolen.
Card set one is stored separately from card set two.