goauthentik / authentik

The authentication glue you need.
https://goauthentik.io

HSM Support #8432

Closed HilkopterBob closed 3 months ago

HilkopterBob commented 9 months ago

Is your feature request related to a problem? Please describe.
We currently need a FIPS 140-2 Level 2 or Common Criteria EAL 4+ compatible way to store code signing certificates. Currently there are only these options:

Describe the solution you'd like
It would be great to generate and store certs in Authentik and make them usable and attributable via the API to e.g. a devops chain.

Describe alternatives you've considered
- Yubico Hardware Appliance
- OpenDNSSEC Lib for self made solution
- AWS

Additional context
I know this feature would generally be against what an HSM was intended for - but it would be the first real self-hostable and open source solution for that class of problems.

BeryJu commented 3 months ago

This is not something authentik will do anytime soon as the current certificate management options in authentik are primarily there due to being required by other protocols. Something like https://www.vaultproject.io/ would be a better solution for this use-case.