The embodiments described herein describe technologies for a device definition process to establish a unique identity and a root of trust of a cryptographic manager (CM) device, the CM device to be deployed in a CM system. The device definition process can take place in a device definition phase of a manufacturing lifecycle of the CM device. One implementation includes a non-transitory storage medium to store an initialization application that, when executed by a CM device, causes the CM device to perform a device definition process to generate a device definition request to establish the unique identity and the root of trust. In response to the device definition request, the initialization application obtains device identity and device credentials of the CM device and stores the device definition request in storage space of a removable storage device. The initialization application imports a device definition response containing provisioning information generated by a provisioning device of a cryptographic manager system in response to the device definition request.