Automic VaultAutomic Vault

brew

Install softhsm with Homebrew, apk, dnf, MacPorts, Nix, pacman, zypper

Cryptographic store accessible through a PKCS#11 interface. Version 2.7.0 via Homebrew; verified 2026-07-05.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install softhsm

local Homebrew formula metadata

MacPortsverified · 94%
sudo port install softhsm

MacPorts ports tree · security/softhsm/Portfile · source: api.github.com

Linux

Alpine Linux apkverified · 92%
sudo apk add softhsm

Alpine Linux edge package indexes · softhsm · source: dl-cdn.alpinelinux.org

Fedora dnfverified · 92%
sudo dnf install softhsm

Fedora Rawhide package metadata · softhsm · source: dl.fedoraproject.org

Nixverified · 92%
nix profile install nixpkgs#softhsm

nixpkgs package indexes · pkgs/by-name/so/softhsm/package.nix · source: api.github.com

Arch Linux pacmanverified · 92%
sudo pacman -S softhsm

Arch Linux sync databases · softhsm · source: geo.mirror.pkgbuild.com

openSUSE zypperverified · 92%
sudo zypper install softhsm

openSUSE Tumbleweed package metadata · softhsm · source: download.opensuse.org

overview

Package summary

Cryptographic store accessible through a PKCS#11 interface

Commands and aliases

  • softhsm2-dump-file
  • softhsm2-keyconv
  • softhsm2-util

history

Project history and usage

SoftHSM is a software implementation of a cryptographic token store exposed through PKCS#11, originally created for OpenDNSSEC and later maintained as a standalone security project.

Project history

The official SoftHSM site and README both state that SoftHSM began as part of the OpenDNSSEC project. OpenDNSSEC needed to store and handle cryptographic keys through PKCS#11, but requiring a physical hardware security module would have limited who could test or deploy the system.

SoftHSM answered that problem with a software implementation of a generic cryptographic device. Version 2 became the current line, adding stronger handling of sensitive material, unswappable memory support, and a more general crypto backend that can use Botan or OpenSSL.

The SoftHSMv2 GitHub repository was created in 2013 and remains active under the softhsm organization, while the project website points users to GitHub for source code and bug reporting.

Adoption history

SoftHSM spread beyond OpenDNSSEC because PKCS#11 is a shared interface used by many cryptographic applications. The README explicitly notes that SoftHSM can work with other cryptographic products through that interface.

The package is carried by Homebrew, Alpine, Fedora, MacPorts, Nix, Arch, and openSUSE according to the input package facts, which fits its role as a test and development HSM substitute on Unix-like systems.

How it is used

Users install the library and command-line utilities, configure the token storage path in softhsm2.conf, initialize tokens with softhsm2-util --init-token, and then point PKCS#11-aware software at the SoftHSM module.

The default configuration file is /etc/softhsm2.conf, and the README documents SOFTHSM2_CONF as an override. Token backup is ordinary file backup of the configured token storage location.

Why package nerds care

SoftHSM is important to package maintainers because it makes PKCS#11 integration testable without special hardware. That matters for DNSSEC software, TLS tooling, signing infrastructure, CI systems, and applications that support smart cards or hardware security modules.

It is also a classic dependency-package artifact: most users care that the shared module, config file, utility commands, crypto backend, and p11-kit integration land in expected filesystem locations.

Timeline

  • 2000s: SoftHSM is developed as part of OpenDNSSEC to provide a software PKCS#11 device.
  • 2013: SoftHSMv2 GitHub repository is created.
  • 2010s: SoftHSM version 2 becomes the main documented line with Botan/OpenSSL backend support.
  • 2020s: SoftHSM continues as a standalone project with packages across Unix-like package managers.

Related projects

  • OpenDNSSEC: the project SoftHSM was originally built to support.
  • PKCS#11: the cryptographic token interface SoftHSM implements.
  • Botan and OpenSSL: supported cryptographic backends.
  • p11-kit: system integration layer relevant to installing PKCS#11 modules.

security posture

Risk level: green

narrow executable package without higher-risk signals.

Risk classifier

green risk · low confidence · appliance

Why

  • narrow executable package without higher-risk signals

Signals

  • metadata:no-higher-risk-signals

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Installs with 1 runtime dependencies.
  • Build metadata lists 4 build dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
/etc/softhsm2.conf

executables

Installed executables

CommandKindExposureNote
softhsm2-dump-filecliglobal executable
softhsm2-keyconvcliglobal executable
softhsm2-utilcliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version2.7.0
manager updated2026-07-05
local dataok
upstreamcurrent
latest detected2.7.0

https://github.com/softhsm/SoftHSMv2

  • okNo freshness warnings were generated.

install metadata

Package metadata

Package keybrew:softhsm
Version2.7.0
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/softhsm
Homepagehttps://www.softhsm.org/
Repositoryhttps://github.com/softhsm/SoftHSMv2
Upstream docshttps://github.com/softhsm/SoftHSMv2#readme
LicenseBSD-2-Clause
Source archivehttps://github.com/softhsm/SoftHSMv2/archive/refs/tags/2.7.0.tar.gz
Last updated2026-07-05T00:14:30+09:00
Pulseupdated
Dependenciesopenssl@3
Build dependenciesautoconf, automake, libtool, pkgconf
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namesofthsm
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Nix95%

softhsm

nix profile install nixpkgs#softhsm
  • normalized package name match
  • Matched by: Softhsm
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/so/softhsm/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
apk95%

softhsm 2.7.0-r0

cryptographic store accessible through a PKCS #11

https://github.com/softhsm/SoftHSMv2

sudo apk add softhsm
  • License: BSD-2-Clause
  • Architecture: x86_64
  • Source Package: softhsm
  • 1 dependencies
  • 1 provides
  • normalized package name match
  • Matched by: Softhsm
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: softhsm from https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz
apk95%

softhsm-doc 2.7.0-r0

cryptographic store accessible through a PKCS #11 (documentation)

https://github.com/softhsm/SoftHSMv2

sudo apk add softhsm-doc
  • License: BSD-2-Clause
  • Architecture: x86_64
  • Source Package: softhsm
  • normalized package name match
  • Matched by: Softhsm
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: softhsm-doc from https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz
apk95%

softhsm-static 2.7.0-r0

cryptographic store accessible through a PKCS #11 (static library)

https://github.com/softhsm/SoftHSMv2

sudo apk add softhsm-static
  • License: BSD-2-Clause
  • Architecture: x86_64
  • Source Package: softhsm
  • normalized package name match
  • Matched by: Softhsm
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: softhsm-static from https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz
dnf95%

softhsm 2.7.0-0.1.rc1.fc44.1

Software version of a PKCS#11 Hardware Security Module

http://www.softhsm.org/

sudo dnf install softhsm
  • License: BSD-2-clause
  • Category: Unspecified
  • Architecture: x86_64
  • Source Package: softhsm
  • 12 dependencies
  • 5 provides
  • normalized package name match
  • Matched by: Softhsm
Fedora Rawhide package metadata · dl.fedoraproject.org · Fedora Rawhide package metadata: softhsm from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst
dnf95%

softhsm-devel 2.7.0-0.1.rc1.fc44.1

Development package of softhsm that includes the header files

http://www.softhsm.org/

sudo dnf install softhsm-devel
  • License: BSD-2-clause
  • Category: Unspecified
  • Architecture: i686
  • Source Package: softhsm
  • 3 dependencies
  • 1 provides
  • normalized package name match
  • Matched by: Softhsm
Fedora Rawhide package metadata · dl.fedoraproject.org · Fedora Rawhide package metadata: softhsm-devel from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst
pacman95%

softhsm 2.7.0-1

Software PKCS#11 store

https://opendnssec.readthedocs.io/en/latest/softhsm2/

sudo pacman -S softhsm
  • License: BSD-2-Clause
  • Architecture: x86_64
  • 4 dependencies
  • normalized package name match
  • Matched by: Softhsm
Arch Linux sync databases · geo.mirror.pkgbuild.com · Arch Linux sync databases: softhsm from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz
zypper95%

softhsm 2.6.1+git.1732869438.f7883c2-2.4

Software version of a PKCS#11 Hardware Security Module

https://www.opendnssec.org/

sudo zypper install softhsm
  • License: BSD-2-Clause
  • Category: Unspecified
  • Architecture: x86_64
  • Source Package: softhsm
  • 19 dependencies
  • 5 provides
  • normalized package name match
  • Matched by: Softhsm
openSUSE Tumbleweed package metadata · download.opensuse.org · openSUSE Tumbleweed package metadata: softhsm from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst
zypper95%

softhsm-devel 2.6.1+git.1732869438.f7883c2-2.4

Development package of softhsm

https://www.opendnssec.org/

sudo zypper install softhsm-devel
  • License: BSD-2-Clause
  • Category: Unspecified
  • Architecture: x86_64
  • Source Package: softhsm
  • 3 dependencies
  • 1 provides
  • normalized package name match
  • Matched by: Softhsm
openSUSE Tumbleweed package metadata · download.opensuse.org · openSUSE Tumbleweed package metadata: softhsm-devel from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst
MacPorts95%

softhsm

sudo port install softhsm
  • normalized package name match
  • Matched by: Softhsm
MacPorts ports tree · api.github.com · MacPorts ports tree: security/softhsm/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment