[Opendnssec-user] Removing old keys and policies

Hoda Rohani hoda at nlnetlabs.nl
Tue Aug 22 15:41:03 UTC 2017


On 22-08-17 15:27, Julian Brost wrote:
> Hi,
> (follow-up on the public list, could also be of interest to others)
> On 21.08.2017 13:59, Hoda Rohani wrote:
>> Actually this command works for me on your db:
>> ods-enforcer policy purge
>> Purging policies
>> [...]
> Yes, that command indeed works. Somehow I must have missed that command.
>> Please let me know if you still have problem.
> The table hsmKey still contains lots of keys that now no longer
> reference a policy and neither exist in SoftHSM any more. Is that
> supposed to happen?

Unfortunately there is no way to get rid of those keys except manually removing them from database.

I personally think it would be better to have a command to remove those keys from hsmkey table. I will talk about this
with other people.

> Thanks for your help!
> Regards,
> Julian

Hoda Rohani

More information about the Opendnssec-user mailing list