[Opendnssec-user] Removing old keys and policies

Hoda Rohani hoda at nlnetlabs.nl
Tue Aug 22 15:41:03 UTC 2017


Hello,

On 22-08-17 15:27, Julian Brost wrote:
> Hi,
> 
> (follow-up on the public list, could also be of interest to others)
> 
> On 21.08.2017 13:59, Hoda Rohani wrote:
>> Actually this command works for me on your db:
>>
>> ods-enforcer policy purge
>> Purging policies
>> [...]
> 
> Yes, that command indeed works. Somehow I must have missed that command.
> 
>> Please let me know if you still have problem.
> 
> The table hsmKey still contains lots of keys that now no longer
> reference a policy and neither exist in SoftHSM any more. Is that
> supposed to happen?
> 

Unfortunately there is no way to get rid of those keys except manually removing them from database.

I personally think it would be better to have a command to remove those keys from hsmkey table. I will talk about this
with other people.


> Thanks for your help!
> 
> Regards,
> Julian
> 

Regards,
Hoda Rohani



More information about the Opendnssec-user mailing list