rhboot / shim-review

Reviews of shim

Document the preference of using HSMs than other forms of securing private keys #448

Open aronowski opened 1 month ago

aronowski commented 1 month ago

As per the call on October 7, 2024, documenting why HSMs should be used instead of other methods of protecting private keys.

Showcasing how important HSMs are might be realized as a community-backed venue for helping out with setting these up, especially when workarounds are needed for some of the problematic tokens. Add an example entry meant to be run in a test environment and link to it in the docs.

steve-mcintyre commented 2 weeks ago

I'm not sure the softhsm example setup belongs here - maybe better as a personal blog / repo?

aronowski commented 2 weeks ago

Fixed.

aronowski commented 2 weeks ago

I can remove that example, but should we nevertheless stick with the HCL idea and simply use physical HSMs as examples there, or remove it altogether?

Considering the former, I'd wait until we have at least one such example ready for showcasing what we expect from others, then replace the proposed one. Otherwise we would have this list empty - not an inviting sight to see for those who still set up their own signing infrastructure.