Add support for BIND with native pkcs11 support to retrieve HSM pin from an environment variable (instead of a file) [ISC-support #14233]

When integrating BIND with an HSM to manage private keys, along with automatic DNSSEC signature maintenance, a mechanism has to be put into place to handle the pin needed to access the private keys in the HSM device.

When building BIND with native pkcs#11 support, this can only be done by means of a pin file on disk.

When building BIND using instead patched OpenSSL to interface with the HSM, you can instead set an environment variable.

In production environments where the latter (environment variable containing the HSM pin) is preferred, it is not currently possible to deploy DNSSEC with native pkcs11 support for the HSM.

(This should be relatively easy to do?)

Edited Mar 05, 2019 by Support RT

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information