Distributed system web of trust provisioning
US-9866392-B1 · Jan 9, 2018 · US
US11032080B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11032080-B2 |
| Application number | US-201815879731-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jan 25, 2018 |
| Priority date | Jun 20, 2017 |
| Publication date | Jun 8, 2021 |
| Grant date | Jun 8, 2021 |
Official abstract text for this publication.
A method for processing a cryptographic operation request includes receiving, at a hardware security module (HSM), the cryptographic operation request including a cryptographic key and at least one authorization token, determining, by the HSM, whether an access control list (ACL) associated with the cryptographic key of the cryptographic operation request is authorized to govern access to the cryptographic key, and validating, by the HSM, the at least one authorization token. When the at least one authorization token is valid and the ACL is authorized to govern access to the cryptographic key of the cryptographic operation request, the method includes processing, by the HSM, the cryptographic operation request.
Opening claim text (preview).
What is claimed is:

1. A method comprising: receiving, at a hardware security module (HSM), from a distributed system, a cryptographic operation request comprising: a cryptographic key digitally signed by the HSM, the cryptographic key associated with both an access control list (ACL) and an authorizer key, the authorizer key associated with a user authorized by an owner of the cryptographic key; and at least one authorization token, the at least one authorization token signed by the authorizer key; determining, by the HSM, whether the ACL associated with the cryptographic key of the cryptographic operation request is authorized to govern access to the cryptographic key; validating, by the HSM, the at least one authorization token when the ACL specifies the at least one authorization token; when the at least one authorization token is valid and the ACL is authorized to govern access to the cryptographic key of the cryptographic operation request, processing, by the HSM, the cryptographic operation request; and after processing the cryptographic operation request, transmitting, by the HSM, to the distributed system, a response comprising a result of the cryptographic operations request.

2. The method of claim 1, wherein validating the at least one authorization token further comprises at least one of: determining the cryptographic operation request has been received by the HSM within an authorization time period defined by the at least one authorization token; or determining the HSM has received the cryptographic operation request less times than a limit number defined by the at least one authorization token.

3. The method of claim 1, further comprising: when the ACL is authorized to govern access to the cryptographic key of the cryptographic operation request, determining, by the HSM, whether a cryptographic operation requested by the cryptographic operation request is allowed by the ACL; and when the cryptographic operation requested by the cryptographic operation request is allowed by the ACL, processing the cryptographic operation request.

4. The method of claim 1, further comprising: receiving, at the HSM, a challenge request from an owner of the cryptographic key; and issuing, from the HSM, a corresponding authorization token to the owner of the cryptographic key.

5. The method of claim 4, wherein the corresponding authorization token comprises data identifying the HSM and a cryptographic signature of the HSM.

6. The method of claim 4, wherein the corresponding authorization token defines at least one of an authorization time period or a limit number limiting a number of usages of the corresponding authorization token.

7. The method of claim 1, wherein the cryptographic key of the cryptographic operation request is wrapped.

8. A hardware security module (HSM) comprising: data processing hardware; and memory hardware in communication with the data processing hardware, the memory hardware storing instructions that when executed on the data processing hardware cause the data processing hardware to perform operations comprising: receiving, from a distributed system, a cryptographic operation request comprising: a cryptographic key digitally signed by the HSM, the cryptographic key associated with both an access control list (ACL) and an authorizer key, the authorizer key associated with a user authorized by an owner of the cryptographic key; and at least one authorization token, the at least one authorization token signed by the authorizer key; determining whether the ACL associated with the cryptographic key of the cryptographic operation request is authorized to govern access to the cryptographic key; validating the at least one authorization token when the ACL specifies the at least one authorization token; when the at least one authorization token is valid and the ACL is authorized to govern access to the cryptographic key of the cryptographic operation request, processing the cryptographic operation request; and after processing the cryptographic operation request, transmitting, to the distributed system, a response comprising a result of the cryptographic operations request.

9. The HSM of claim 8, wherein validating the at least one authorization token further comprises at least one of: determining the cryptographic operation request has been received by the HSM within an authorization time period defined by the at least one authorization token; or determining the HSM has received the cryptographic operation request less times than a limit number defined by the at least one authorization token.

10. The HSM of claim 8, wherein the operations further comprise: when ACL is authorized to govern access to the cryptographic key of the cryptographic operation request, determining whether a cryptographic operation requested by the cryptographic operation request is allowed by the ACL; and when the cryptographic operation requested by the cryptographic operation request is allowed by the ACL, processing the cryptographic operation request.

11. The HSM of claim 8, wherein the operations further comprise: receiving a challenge request from an owner of the cryptographic key; and issuing a corresponding authorization token to the owner of the cryptographic key.

12. The HSM of claim 11, wherein the corresponding authorization token comprises data identifying the HSM and a cryptographic signature of the HSM.

13. The HSM of claim 11, wherein the corresponding authorization token defines at least one of an authorization time period or a limit number limiting a number of usages of the corresponding authorization token.

14. The HSM of claim 8, wherein the cryptographic key of the cryptographic operation request is wrapped.

15. A method comprising: receiving, at a distributed system, a cryptographic operation request from a user, the cryptographic operation request comprising: a cryptographic key digitally signed by a hardware security module (HSM), the cryptographic key associated with both an access control list (ACL) and an authorizer key, the authorizer key associated with a user authorized by an owner of the cryptographic key; and at least one authorization token, the at least one authorization token signed by the authorization key; sending, by the distributed system, the cryptographic operation request to the HSM, the HSM configured to perform operations comprising: determining whether the ACL associated with the cryptographic key of the cryptographic operation request is authorized to govern access to the cryptographic key; validating the at least one authorization token when the ACL specifies the at least one authorization token; and when the at least one authorization token is valid and the ACL is authorized to govern access to the cryptographic key of the cryptographic operation request, processing the cryptographic operation request; receiving, at the distributed system, a response from the HSM, and when the HSM processes the cryptographic operation request, the response comprises a result of the cryptographic operation request; and sending the response from the distributed system to the user.

16. The method of claim 15, wherein validating the at least one authorization token further comprises at least one of: determining the cryptographic operation request has been received by the HSM within an authorization time period defined by the at least one authorization token; or determining the HSM has received the cryptographic operation request less times than a limit number defined by the at least one authorization token.
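The checks recited in claims 1 to 3, as an added sketch (not code from the patent or from any HSM product). HMAC-SHA256 with constructed secrets stands in for the HSM's and the authorizer's digital signatures, and all function names, field names and the token-to-key binding are assumptions.

```python
import hashlib
import hmac
import json

# Constructed secrets. HMAC stands in for digital signatures, so the HSM holds
# the authorizer's secret here; with real signatures it would hold a public key.
HSM_SECRET = b"constructed-hsm-secret"
AUTHORIZERS = {"authz-1": b"constructed-authorizer-secret"}

def sign(secret, obj):
    msg = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()

def issue_key(key_id, allowed_ops, authorizer_id):
    # The HSM signs key id, ACL and authorizer together, so a swapped ACL is detectable.
    body = {"key_id": key_id, "authorizer": authorizer_id,
            "acl": {"allowed_ops": allowed_ops, "requires_token": True}}
    return {"body": body, "sig": sign(HSM_SECRET, body)}

def issue_token(token_id, key_id, authorizer_id, not_before, not_after, max_uses):
    body = {"id": token_id, "key_id": key_id, "not_before": not_before,
            "not_after": not_after, "max_uses": max_uses}
    return {"body": body, "sig": sign(AUTHORIZERS[authorizer_id], body)}

def process(request, now, uses):
    """Return (allowed, reason); `uses` maps token id -> accepted request count."""
    key, body = request["key"], request["key"]["body"]
    if not hmac.compare_digest(sign(HSM_SECRET, body), key["sig"]):
        return False, "ACL is not bound to this key by the HSM"
    if request["op"] not in body["acl"]["allowed_ops"]:
        return False, "operation not allowed by ACL"
    if body["acl"]["requires_token"]:
        if not request["tokens"]:
            return False, "ACL requires a token"
        secret = AUTHORIZERS[body["authorizer"]]
        for tok in request["tokens"]:
            t = tok["body"]
            if not hmac.compare_digest(sign(secret, t), tok["sig"]):
                return False, "token not signed by authorizer key"
            if t["key_id"] != body["key_id"]:  # assumption: a token names its key
                return False, "token issued for another key"
            if not t["not_before"] <= now <= t["not_after"]:
                return False, "outside authorization time period"
            if uses.get(t["id"], 0) >= t["max_uses"]:
                return False, "usage limit reached"
        for tok in request["tokens"]:
            uses[tok["body"]["id"]] = uses.get(tok["body"]["id"], 0) + 1
    return True, "processed"
```

The usage counter is only incremented once every check has passed, so a rejected request does not consume a token use.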
Support for services or applications · CPC title
Providing cryptographic facilities or services · CPC title
involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token (network architectures or network communication protocols for supporting authentication of entities using an additional device in a packet data network H04L63/0853) · CPC title
Access control lists [ACL] · CPC title
Access rights, e.g. capability lists, access control lists, access tables, access matrices · CPC title