comphuter
commented
2 years ago That should be possible using variable substution in the config file, i.e. set PIN=${ENV::PINVAR_TO_USE} inside the [pkcs11_section] section of your OPENSSL_CONF file and then set the PINVAR_TO_USE environment variable to the PIN value.
See config(5) from the openssl man-pages for more information. (C-f The value string undergoes variable expansion.)
olszomal
It is possible to pass the PIN through the pkcs11 uri or through the OPENSSL_CONF file, but for security reasons in my project, I need to pass the pin through an environment variable, just as I can pass the PKCS11_MODULE_PATH. It's possible?