HSM support for protecting witness values?

In many systems requiring ZKP, witness values can be private keys or nonces (whose hash is eventually used as a commitment). There are some regulations and usually security policies, especially from financial institutes that demand secure storage of any secret or cryptographic key. Is there any work around this, so the ZKP proof runs inside a secure box, where even the administrator cannot extract secrets (witness values), especially when we plan to reuse those on multiple transactions?