Zero-trust MySQL reference with TLS 1.3 mTLS, client-side AES-GCM via HSM KMS, tenant isolation, tamper-evident audit, and automated proof-of-controls.

A collection of shell scripts to interactively initialize and manage certain smartcards, USB tokens, and hardware security modules (HSMs).

PKCS#11 sidecar container for Securosys Primus HSM.

A small shell script for gathering metrics from tape drives inside libraries such as the IBM TS4500. The collected information can be used by Prometheus for monitoring and alerting.

A minimalistic distributed file signing system with Authenticode and PKCS#11 support.

Key Vault integration with API Management so that secrets and certificates are stored in a FIPS 140-2 Level 2 compliant HSM.

Running Rust code on nCipher HSMs (using CodeSafe).

HSM Protected Certification Authority based on Easy-RSA

A Setup for creating a Public Key Infrastructure backed by a YubiHSM2

Same Subkeys, Many Yubikeys...

A small subset of the submitted sample data from https://github.com/GrapheneOS/Auditor. It has a sample attestation certificate chain per device model (ro.product.model) along with a subset of the system properties from the sample as supplementary information.