THIS IS A WORK IN PROGRESS!

Smart ID Identity Manager offers support for HSM (Hardware Security Model) for several use cases:

...

For Docker deployment, libjpkcs11 needs to be placed onto the docker host and then mounted into a the container respective containers.
This is done by adding a volume mount to docker/compose/identitymanager/admin/docker-compose.yml and docker/compose/identitymanager/operator/docker-compose.yml.
In this the example below we have libjpkcs11_x64-3.6.3.1.so (version number may vary) placed into the docker/compose/identitymanager/config/ folder, which is then mounted into the container’s Tomcat folder for native libs as libjpkcs11.so.

...

1. To avoid this, you have these options:

   1. Deploy each Identity Manager webapp on its own dedicated Tomcat instance (Docker deployments always work like this).

      OR

   2. Remove all CMSDK JARs and all BouncyCastle JARs from all webapps' tomcat\<webapp>\WEB-INF\lib folders and place them in tomcat\libs instead (this ensures those JARs are served from the Tomcat common classloader for all webapps).

      1. CMSDK JARs:

         • cmcommon*.jar

         • cmsdk-*.jar

         • common-*.jar

      2. BouncyCastle JARs:

         • bcmail-*.jar

         • bcpgp-*.jar

         • bcpkix-*.jar

         • bcprov-*.jar (including bcprov-ext-*.jar)

Additional information