KEY BACKUP

1. Backup your keys

2. ods-ksmutil backup prepare
   ods-ksmutil backup commit

KEY PRE-CREATION

Take a look at the existing keys:

# ods-ksmutil key list -v

Notice the keytypes, the tags

Notice that these keys are stored in the SoftHSM

# ods-hsmutil list

We can let OpenDNSSEC create keys "on the fly", or we can
prepare some in advance:

# ods-ksmutil key generate --p default --interval PT12H

(this would generate keys for the "default" policy, for the next 12 hours)

Look again at the list of keys in the HSM:

# ods-hsmutil list

ZSK ROLLOVER

# ods-ksmutil key rollover --zone mydomain --keytype ZSK

Now control the list of keys again:

# ods-ksmutil key list -v