PKCS #11 tokens and objects are stored in a VSAM data set called the token data set (TKDS). ICSF provides sample TKDS allocation jobs (members CSFTKDS and CSFTKD2) in SYS1.SAMPLIB. The TKDS contains individual entries for each token and object that is added to it. ICSF maintains two copies of the TKDS: a disk copy and an in-storage copy. Only token objects are stored in the TKDS. Session objects (which are not persistent) are stored in memory only.
The TKDS must be a key-sequenced data set with spanned variable length records and must be allocated on a permanently resident volume. For information on managing and sharing the TKDS in a sysplex environment, see z/OS Cryptographic Services ICSF Administrator's Guide.