COMMONS-229

Implement HSM (PKCS#11) secrets backend

    Details

    • Story
    • Status: Resolved
    • Resolution: Fixed
    • 23.0.0
    • Secrets
    • None

      Description

      Implement a backend for the secrets API that reads secrets stored in an HSM via the standard Java PKCS#11 KeyStore interface.

      NB: HSMs vary in capabilities and functionality, so this backend will likely need to be customisable for a particular deployment.

      Business Value

      Many important customers have invested heavily in secure HSM storage, and this is a requirement for some industries. It is therefore critical that ForgeRock products support storing secrets in HSMs.

      Acceptance Criteria

      • Secrets can be read from HSM via PKCS#11
      • The backend can authenticate to the HSM via a standard PIN/password
      • Cryptographic operations are delegated to the HSM
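
      The three acceptance criteria, shown with the JDK's SunPKCS11 provider (Java 9+) as an added example; this is not the Commons secrets backend and not code from this issue. Assumptions: the first argument is a SunPKCS11 configuration file for your token, the second is the alias of an RSA private key on it, and the PIN is supplied in a hypothetical `HSM_PIN` environment variable.

```java
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import java.util.Arrays;
import java.util.Base64;

public class Pkcs11SecretDemo {
    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: Pkcs11SecretDemo <pkcs11.cfg> <key-alias>");
            System.exit(2);
        }
        // Assumption: args[0] is a SunPKCS11 config file (name, library, slot).
        Provider base = Security.getProvider("SunPKCS11");
        if (base == null) {
            throw new IllegalStateException("SunPKCS11 provider not present in this JRE");
        }
        Provider hsm = base.configure(args[0]);

        // Assumption: HSM_PIN is a hypothetical variable name; never hard-code the PIN.
        String pinEnv = System.getenv("HSM_PIN");
        if (pinEnv == null) {
            throw new IllegalStateException("HSM_PIN is not set");
        }
        char[] pin = pinEnv.toCharArray();
        try {
            // Criterion 2: load() with a PIN logs in to the token.
            KeyStore ks = KeyStore.getInstance("PKCS11", hsm);
            ks.load(null, pin);

            // Criterion 1: the "secret" returned is a handle to the on-token key.
            Key key = ks.getKey(args[1], null);
            if (!(key instanceof PrivateKey)) {
                throw new IllegalStateException("no private key under alias " + args[1]);
            }
            // For sensitive or non-extractable keys getEncoded() typically returns null.
            System.out.println("key material exportable: " + (key.getEncoded() != null));

            // Criterion 3: binding the Signature to the HSM provider keeps the
            // private-key operation on the device (assumes an RSA key).
            Signature sig = Signature.getInstance("SHA256withRSA", hsm);
            sig.initSign((PrivateKey) key);
            sig.update("constructed sample message".getBytes(StandardCharsets.UTF_8));
            System.out.println(Base64.getEncoder().encodeToString(sig.sign()));
        } finally {
            Arrays.fill(pin, '\0'); // wipe the PIN copy held by this process
        }
    }
}
```

      Requesting the algorithm without naming the provider can select a software implementation that fails on a non-extractable key, which is why the provider is passed explicitly.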

            People

            neil.madden Neil Madden