dnst keyset kmip add-server supports a --pending argument that will initially set the HSM as disabled, i.e. not to be used by dnst keyset to generate keys, equivalent to later issuing a dnst keyset kmip disable command (assuming that all servers were added with --pending).
I find the term pending here confusing. It was intended to mean that the HSM isn't in use yet but will presumably be used later, but would it move to in use automatically in some way or by user action, the reality is the latter but I doubt that is clear from the name. It is also inconsistent with the term disable but has the same effect, the HSM will be added but disabled by default.
I suggest therefore to rename the argument --pending to --disabled.
dnst keyset kmip add-serversupports a--pendingargument that will initially set the HSM as disabled, i.e. not to be used bydnst keysetto generate keys, equivalent to later issuing adnst keyset kmip disablecommand (assuming that all servers were added with--pending).I find the term
pendinghere confusing. It was intended to mean that the HSM isn't in use yet but will presumably be used later, but would it move to in use automatically in some way or by user action, the reality is the latter but I doubt that is clear from the name. It is also inconsistent with the termdisablebut has the same effect, the HSM will be added but disabled by default.I suggest therefore to rename the argument
--pendingto--disabled.