Skip to content

Create configurator tool

As outlined in the deployment section of !26 (merged), we want to use a dedicated, non-interactive configurator tool, which allows us to (re)configure the NetHSM based on a declarative configuration file (without any passphrases).

Passphrases for relevant actions (e.g. R-Administrator or N-Administrator), backup and unlock passphrases are expected to be provided as shares of a shared secret (using Shamir's Secret Sharing) after initial deployment of the OS.

Edited by David Runge
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information