Support for PKCS11 password/PIN in a separate file
Bug #2049521 reported by
Josselin Mouette
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Barbican |
In Progress
|
Undecided
|
Unassigned |
Bug Description
We’re using barbican with a HSM and we would very much like the PKCS#11 PIN/password to access this HSM to remain in memory and to never land on disk.
To support that, it seems logical, as most software handling PKCS11 allows, to put it in a separate file instead of barbican.conf.
The attached patch allows this.
Changed in barbican: | |
status: | New → In Progress |
To post a comment you must log in.
An alternative might be to use environment variables, which should already be supported:
https:/ /specs. openstack. org/openstack/ oslo-specs/ specs/rocky/ config- from-environmen t.html
Note that I didn't test this, but if you do, and this would cover your use case, please leave a comment.