Currently, Keystone both accepts incoming gRPC requests (from the internet) and also must access keys stored in an HSM (i.e. using a PIN). Ideally the code accessing the HSM would run in a secure enclave, so that compromising the Keystone server does not by itself give an attacker access to the HSM.