Risks of Storing Certificates and Keys in Flash/EEPROM on Embedded C Systems

I am working on a piece of software with cyber security features for an embedded system written in C.

If: 
I do not use HSM/SHE 
Store certificate and key information on the Flash/EEPROM somewhere within a software component with API to access all keys/certificates

Flash is inside of the microcontroller

What risks are there to hack into the system and get all the keys/certificates?

Priyanka,
Questions to ask yourself to assess the risk.
What would a hacker gain by stealing your keys/certificates?  The more the information is worth, the more effort someone will take to hack in.
Does the API allow for the key/certificate to be read or only allow it to be used to encrypt or sign something? If it can't be read directly using the API that increases the difficulty.
Is there a way to directly read what is in the microcontroller Flash/EEPROM? Some microcontrollers have lock bits to prevent this.
Is this device connected to the internet?
Will each instance of the device have a different key/certificate?

I'd suggest you learn about the different FIPS-140 security levels and determine what level is most appropriate for your application.

Data security is the main headache of the today's world. To make secure your email data use an outlook mail, you can also convert or add to another email. To know more about how to Add Roadrunner Email To Outlook please visit our website to find the best solution provided by the technical expert. 

Embedded system security is a strategic approach to protecting software running on embedded systems from attack. An embedded system is a programmable hardware component with a minimal operating system and software.