We have an existing privacyidea server that currently hosts users’ tokens. This server is currently not using HSM module, and is only using encryption file. We would like to migrate this server to use HSM without affecting current users’ tokens.
Is this possible and is there a way to do this safely? (Provided we have everything correctly setup to switch the privacyidea server to use the HSM. We only concerned about the change of security implementation causing problem to decrypt existing encrypted data.) How do we migrate the flat encryption file to keys in the HSM (key content) if the above is possible?