Implement a backend for the secrets API that reads secrets stored in a HSM via the standard Java PKCS#11 KeyStore interface.
NB: HSMs vary in capabilities and functionality, so this backend will likely need to be customisable for a particular deployment.
Many important customers have invested heavily in secure HSM storage, and this is a requirement for some industries. It is therefore critical that ForgeRock products support storing secrets in HSMs.
- Secrets can be read from HSM via PKCS#11
- The backend can authenticate to the HSM via a standard PIN/password
- Cryptographic operations are delegated to the HSM