cli: support for authenticating with private keys and certificates stored in PKCS#11 backend #771

Open: wants to merge 3 commits into base: master
daniel-weisse
Member

Proposed changes

Allow users to authenticate themselves with private keys and certificates stored in a PKCS#11 compatible backend.
This removes the need for storing private keys on disk and instead lets users manage them in an HSM, YubiKey, or any other PKCS#11 compatible device.
Support is implemented through the crypto11 library by Thales.

To initialize the PKCS#11 library, a configuration file with the Token Label/Serial/Slot, PIN of the token, and path to the PKCS#11 library has to be provided.

  • Alternatively, we could forgo the need for a config file and instead let users provide flags for token label, PIN, and library path

Additionally, users have to specify the ID and/or label of the key and certificate stored in the token to use for authentication.

Additional info

  • AB#4683
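
The configuration file described above holds the token PIN in clear text, so its contents and its file permissions are both worth checking before it is used. The following is an added example, not code from this pull request or from crypto11: the JSON key names are assumed to follow the field names of crypto11's `Config` struct, and the "exactly one token selector" rule and the owner-only permission check are this example's own assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io/fs"
)

// tokenConfig holds the settings the PR description lists. The JSON key
// names are an assumption (modelled on crypto11.Config), not from the PR.
type tokenConfig struct {
	Path        string // path to the PKCS#11 library
	TokenLabel  string
	TokenSerial string
	SlotNumber  *int // pointer, so slot 0 differs from "not set"
	Pin         string
}

// checkTokenConfig returns findings for a config with the given file mode.
func checkTokenConfig(raw []byte, mode fs.FileMode) []string {
	var cfg tokenConfig
	if err := json.Unmarshal(raw, &cfg); err != nil {
		return []string{"invalid JSON: " + err.Error()}
	}
	var findings []string
	if cfg.Path == "" {
		findings = append(findings, "Path to the PKCS#11 library is missing")
	}
	selectors := 0
	for _, set := range []bool{cfg.TokenLabel != "", cfg.TokenSerial != "", cfg.SlotNumber != nil} {
		if set {
			selectors++
		}
	}
	if selectors != 1 {
		findings = append(findings, fmt.Sprintf("want exactly one of TokenLabel/TokenSerial/SlotNumber, got %d", selectors))
	}
	if cfg.Pin != "" && mode.Perm()&0o077 != 0 {
		findings = append(findings, fmt.Sprintf("file holds the PIN but has mode %04o; restrict it to 0600", uint32(mode.Perm())))
	}
	return findings
}

func main() {
	sample := []byte(`{"Path":"/opt/lib/pkcs11.so","TokenLabel":"demo","SlotNumber":0,"Pin":"1234"}`) // constructed sample
	for _, f := range checkTokenConfig(sample, 0o644) {
		fmt.Println("finding:", f)
	}
}
```

In real use the mode would come from `os.Stat` on the config file; the constructed sample sets two selectors and is group- and world-readable, so both checks fire.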

netlify bot commented Dec 2, 2024

Deploy Preview for marblerun-docs canceled.

Name Link
🔨 Latest commit eae2c34
🔍 Latest deploy log https://app.netlify.com/sites/marblerun-docs/deploys/674f268ee9a6940008f1f040
