Thread: Support for hardware tokens for server/replication private key
Hi, Postgres allows client-side SSL requests to use secret keys on hardware tokens via OpenSSL engine support. Is there an equivalent way to store the server key on a hardware token. Similarly, is it possible to specify private keys on a hardware token for replication connections? Does the sslkey parameter of the primary_conninfo string in the recovery.conf file accept an OpenSSL Engine token key? Thanks, MD. -- View this message in context: http://postgresql.nabble.com/Support-for-hardware-tokens-for-server-replication-private-key-tp5876047.html Sent from the PostgreSQL - general mailing list archive at Nabble.com.
On Thu, Dec 3, 2015 at 5:31 AM, mdaswani <md@quintessencelabs.com> wrote:
Hi,
Postgres allows client-side SSL requests to use secret keys on hardware
tokens via OpenSSL engine support. Is there an equivalent way to store the
server key on a hardware token.
Similarly, is it possible to specify private keys on a hardware token for
replication connections? Does the sslkey parameter of the primary_conninfo
string in the recovery.conf file accept an OpenSSL Engine token key?
While I haven't tested it and haven't heard of anybody else who has, it should work. From a libpq perspective ,the replication standby is "just another client", so any parameters that work for libpq should work there.
Thanks for the reply. I can now confirm that replication connections can work using a private key stored on a hardware token. Do you know if there's any way I can store the server key on the hardware token? -- View this message in context: http://postgresql.nabble.com/Support-for-hardware-tokens-for-server-replication-private-key-tp5876047p5877762.html Sent from the PostgreSQL - general mailing list archive at Nabble.com.