Re: [opencryptoki-users] Using Opencryptoki in a docker container - serializing keys for stop (or c
Brought to you by:
ebarretto
Menu
▾
▴
Re: [opencryptoki-users] Using Opencryptoki in a docker container - serializing keys for stop (or crash!) and restart / restore
|
From: Harald F. <fr...@li...> - 2021-02-10 08:40:47
|
Yes ... but please, I don't know if locking works with volumes assigned to containers. So this works fine as long as the applications use it in a read-only fashion, but I am not sure if this also works when one of these containers does an update in the ock key store. Please be aware - this is not special to opencrpytoki - every 'statefull' container like database instances has this very same problem within a cluster. Maybe you read more about this in the kubernetes docu for statefull sets. On 09.02.21 18:46, Alan King wrote: > Thank you. So just to be sure - I can mount a shared filesystem on /var/lib/opencryptoki and the token key objects will be available to all containers sharing that filesystem. Is that correct? > > Alan > > > > Alan King > Financial Sciences > IBM Research > > > > ----- Original message ----- > From: "Harald Freudenberger" <fr...@li...> > To: Alan King/Watson/IBM@IBM, ope...@li... > Cc: > Subject: Re: [EXTERNAL] [opencryptoki-users] Using Opencryptoki in a docker container - serializing keys for stop (or crash!) and restart / restore > Date: Tue, Feb 9, 2021 9:36 AM > > Hello Alan > > hm, what do you mean with "recover keys" ? > > I assume you are referring to some kind of token key objects. > Opencryptoki has it's memory about keys in /var/lib/opencryptoki. > So you can for example customize your docker image with a prepared > /var/lib/opencryptoki and all ock objects stored in there are available > in your container instances. > > On 09.02.21 15:08, Alan King wrote: > > Hi all - a newbie here (who probably should read manuals more thoroughly). > > > > We are deploying a Cloud service that will use a Softhsm - just for development purposes. > > > > The question is whether there is a way to recover keys from storage. I see a migrate executable. > > Is that the way to do it? > > > > Thanks > > Alan > > > > > > > > > > Alan King > > Financial Sciences > > IBM Research > > > > > > > > _______________________________________________ > > opencryptoki-users mailing list > > ope...@li... > > https://lists.sourceforge.net/lists/listinfo/opencryptoki-users > > > |
