This repository contains a Dockerized version of the YubiHSM Connector, which enables communication with YubiHSM 2 devices.
- Docker installed on your system
- A YubiHSM 2 device
- USB access from the host system (see USB/udev documentation)
- `Dockerfile`: Contains the container build instructions
- `70-yubihsm.rules`: udev rules for YubiHSM 2 device access
- `yubihsm-connector-config.yaml`: Configuration file for the YubiHSM connector
Build the Docker image with:
```bash
docker build --platform linux/amd64 -t axlabs/yubihsm-connector-docker .
```

Run the container with the following command to ensure proper USB device access:

```bash
docker run -d \
  --name yubihsm-connector \
  --restart unless-stopped \
  --privileged \
  --device=/dev/bus/usb \
  -v /run/udev:/run/udev:ro \
  -p 12345:12345 \
  axlabs/yubihsm-connector-docker
```

- `--privileged`: Gives the container access to all host devices (this also disables most of Docker's isolation for the container)
- `--device=/dev/bus/usb`: Mounts the USB bus
- `-v /run/udev:/run/udev:ro`: Mounts udev information (read-only)
- `-p 12345:12345`: Exposes the default YubiHSM Connector port
- `--restart unless-stopped`: Automatically restarts the container unless manually stopped
To verify that the connector is running properly:
```bash
curl http://localhost:12345/connector/status
```

You should receive a JSON response indicating the connector status.
- The container runs as a non-root user `yubihsm-connector`
- USB device access is restricted through udev rules
- Consider network security when exposing port 12345
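
One way to check the network exposure mentioned above, as an added example that is not part of this repository: the script reads `docker port` output and reports any host address other than loopback on which the connector port is published. The function names, the sample lines and the assumed `docker port` line format (`12345/tcp -> 0.0.0.0:12345`) are constructed for illustration; `-p 127.0.0.1:12345:12345` is Docker's syntax for publishing on loopback only.

```shell
#!/bin/sh
# Added example, not part of the repository.

# Read `docker port <container>` output on stdin and print every host address,
# other than loopback, on which <port>/tcp is published.
# Exit status: 0 if loopback-only (or not published), 1 otherwise.
non_loopback_bindings() {
    awk -v p="$1/tcp" '
        BEGIN { bad = 0 }
        $1 == p && $2 == "->" {
            addr = $3
            sub(/:[0-9]+$/, "", addr)      # drop the trailing :hostport
            if (addr != "127.0.0.1" && addr != "[::1]" && addr != "::1") {
                print addr
                bad = 1
            }
        }
        END { exit bad }
    '
}

# Audit a running container. Needs the docker CLI, so it is defined here
# but not called by the offline demo below.
audit_container() {
    name="$1"; port="$2"
    priv=$(docker inspect --format '{{.HostConfig.Privileged}}' "$name") || return 2
    if [ "$priv" = "true" ]; then
        echo "WARN: $name runs with --privileged"
    fi
    if exposed=$(docker port "$name" | non_loopback_bindings "$port"); then
        echo "OK: port $port is published on loopback only"
    else
        echo "WARN: port $port is published on: $(printf '%s' "$exposed" | tr '\n' ' ')"
    fi
}

# Constructed sample: what the README's `-p 12345:12345` typically yields.
SAMPLE_DEFAULT='12345/tcp -> 0.0.0.0:12345
12345/tcp -> [::]:12345'
# Constructed sample: after publishing with `-p 127.0.0.1:12345:12345`.
SAMPLE_LOOPBACK='12345/tcp -> 127.0.0.1:12345'

printf '%s\n' "$SAMPLE_DEFAULT" | non_loopback_bindings 12345 \
    || echo "default publish: reachable beyond loopback"
printf '%s\n' "$SAMPLE_LOOPBACK" | non_loopback_bindings 12345 \
    && echo "loopback publish: local clients only"
```

On a host with the container running, `audit_container yubihsm-connector 12345` applies the same check to the live container and also reports whether it was started with `--privileged`.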
- If the device is not detected:
  - Ensure the YubiHSM 2 is properly connected
  - Check that the udev rules are properly loaded
  - Verify USB permissions on the host system
- If the connector fails to start:
  - Check the container logs: `docker logs yubihsm-connector`
  - Verify the configuration in `yubihsm-connector-config.yaml`
This project is distributed under the terms of the Apache License 2.0. See LICENSE for more information.