Support Cryptographic Tokens
Please add support for all keys to be generated, stored, and used from within a cryptographic token. This has been a big issue for a number of large organizations that have requirements to use an HSM (generating the key in software and later importing it into the HSM is not an acceptable solution). A PKCS11 integration would be great and flexible enough to support a wide variety of cryptographic tokens.
Hello, just checking back on this. Any update on when this feature will be implemented, or whether it has already been?
You may wish to consider the CNCF Parsec project for this use case. Parsec has a Go client library, and it's designed to be simpler to consume than PKCS11. Parsec comes with a microservice that can connect to hardware tokens. It supports PKCS11 tokens, but also has pluggable back-ends that can interoperate natively with other systems like TPMs and secure elements without the need for a PKCS11 shim. It's quite flexible, and we would love for it to become the one-stop-shop for consuming hardware-backed security into high-level apps. I would be happy to discuss this further if it looks interesting. If you want to connect, we also have a community repo with details of how you can come and engage with the Parsec team on Slack or Zoom, and with links to some presentations and resources for learning more.
This issue is stale because it has been opened for 60 days with no activity. Remove stale label or comment. Otherwise, it will be closed in 30 days.
Issue closed due to no activity in the past 30 days.