A system for securely managing a plurality of hardware security modules (HSMs). One example provides a host device, a first HSM, and a second HSM. The host device is configured to designate the first HSM as a primary HSM, and activate a security association mode in the primary HSM. The first HSM is configured to generate a multi-HSM exchange key (“MEK”), and encrypt the MEK using a temporary key generated with a key agreement protocol between the first HSM and the second HSM. The first HSM shares the encrypted MEK with the second HSM via the host device. The host device deactivates the security association mode, and the first HSM receives a traffic encryption key (“TEK”). The first HSM encrypts the TEK using the MEK, and shares the encrypted TEK with the second HSM via the host device. The second HSM decrypts the TEK using the MEK.