Hex Trust's asset storage arrangement utilizes advanced hardware and software infrastructure with strong security controls. The central component is the Hardware Security Module (HSM), which securely stores and manages cryptographic keys, ensuring they are always wrapped (encrypted) and never exposed in clear text. Both Safe Plus and Safe Vaults operate in an air-gapped environment, isolated from the internet, with data diodes ensuring one-way communication to prevent unauthorized access.
Key generation occurs within the HSM using a True Random Generator, and physical security is enhanced by storing encrypted keys in multiple vaults across different locations, requiring multiple approvals for access. Transaction signing involves client-initiated transactions that go through several approval stages before being securely signed within the HSM through the Key Management System (KMS).
