Issue #911

Closed
Open
Created Mar 01, 2019 by Cathy Almond (@cathya, Developer)

Add support for BIND with native pkcs11 support to retrieve HSM pin from an environment variable (instead of a file) [ISC-support #14233]

When integrating BIND with an HSM to manage private keys, along with automatic DNSSEC signature maintenance, a mechanism has to be put into place to handle the pin needed to access the private keys in the HSM device.

When building BIND with native pkcs#11 support, this can only be done by means of a pin file on disk.

When building BIND using patched OpenSSL to interface with the HSM instead, you can set an environment variable.

In production environments where the latter (environment variable containing the HSM pin) is preferred, it is not currently possible to deploy DNSSEC with native pkcs11 support for the HSM.

(This should be relatively easy to do?)

Edited Mar 05, 2019 by Support RT