The current behaviour (in EJBCA 6.3.2 and lower) for the EJBCA client toolbox command PKCS11HSMKeyTool generate, which creates a new key in HSM, is to overwrite the existing key (if it exists under the same provided name) without any warning, notice, or prompting.

This can have rather undesired effect if the generate command for database protection key is accidentally re-run after the key ceremony (in case where the command is still in history).

It would be much safer to have the command fail if the key with the same name already exists. If it is necessary to allow forcing the key overwrite, a new option should be added (let's say --force), and this option should also print out a warning in case the key just got overwritten.