I get the need to "generate key pairs" and the need to export private keys as they are needed at the the "desktop" for SSH access methods.
So this "first example" of key gen and then export is not really showing any significant HSM benefit. e.g. I’m used to the idea that Private keys will NOT leave the HSM, that is why they are there and held securely on HSM?
Usually HSMs are used for "secure server based" private key access. Can you provide a good example of when to use an Cloud HSM and the security posture versus costs benefits?? e.g. database encrypted record access.