The idea with HSM-backed keys is that even in case of compromise, you can clean ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		Nextgrid 40 days ago \| parent \| context \| favorite \| on: Put your SSH keys in your TPM chip The idea with HSM-backed keys is that even in case of compromise, you can clean up without having to rotate the keys. It also makes auditing easier as you can ensure that if your machine was powered down or offline then you are guaranteed the keys weren't used during that timeframe.

jamiesonbecker 40 days ago [–]

Rotating keys is easy with the right software. (I work @ Userify) Agree with the auditing point

Token-based keys, to tptacek's point, is that they can be a giant pain once you start scripting across fleets.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact