diff --git a/CHANGES b/CHANGES
index d70f42d04c..b22184cf5e 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,8 @@
+6329.	[func]		Add HSM support for dnssec-policy. You can now
+			configure keys with a key-store that allows you to
+			set the directory to store key files and to set a
+			PKCS #11 URI string. [GL #1129]
+
 6328.	[doc]		Update ZSK minimum lifetime documentation in ARM, also
 			depends on signing delay. [GL #4510]
 
diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst
index 9867bbdc3a..9aa27c16ae 100644
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -28,6 +28,11 @@ New Features
 - The statistics channel now includes counters that indicate the number
   of currently connected TCP IPv4/IPv6 clients. :gl:`#4425`
 
+- Add HSM support to :any:`dnssec-policy`. You can now configure keys with a
+  ``key-store`` that allows you to set the directory to store the key files and
+  set a PKCS#11 URI string. The latter requires OpenSSL 3 and a valid PKCS#11
+  provider to be configured for OpenSSL. :gl`#1129`.
+
 Removed Features
 ~~~~~~~~~~~~~~~~