Nitrokey HSM can be configured to run device-to-device encrypted export by using DKEK / XKEK logical security domains, which could allow to move the keys between the preconfigured Nitrokey HSMs. Such configuration can be done only through the initialization operation, which removes all the currently hold secrets (in other words activating DKEK is not possible without destroying already stored data).
References: